CN108737093B - Encryption method, device and system - Google Patents


Info

Publication number
CN108737093B
Authority
CN
China
Prior art keywords
key
network device
ciphertext
tgs
identifier
Prior art date
Legal status
Active
Application number
CN201710240086.9A
Other languages
Chinese (zh)
Other versions
CN108737093A (en)
Inventor
陈庆
王学富
杨国梁
原磊
高光辉
武宏宇
李文
Current Assignee
Shandong Institute Of Quantum Science And Technology Co ltd
Original Assignee
Shandong Institute Of Quantum Science And Technology Co ltd
Application filed by Shandong Institute Of Quantum Science And Technology Co ltd
Priority to CN201710240086.9A
Publication of CN108737093A
Application granted
Publication of CN108737093B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0852 Quantum cryptography

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the invention provide an encryption method, device and system. When the AS encrypts the third key, the first key it uses is one key from a first key set identified by a first identifier; when the TGS encrypts the fifth key, the fourth key it uses is one key from a second key set identified by a second identifier. The shared key between the AS and the TGS, and the shared key between the TGS and the second network device, are therefore not fixed but vary from one authentication to the next, so a malicious device cannot recover a shared key between devices by replaying captured messages, and replay attacks during identity authentication are effectively avoided.

Description

Encryption method, device and system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to an encryption method, apparatus, and system.
Background
Quantum communication is a new communication technology that combines quantum theory with information theory and can achieve communication performance at the physical limit by exploiting quantum effects. Quantum cryptography based on quantum key distribution (QKD) protocols is one of the most important practical applications of quantum communication. A quantum cryptography network is a secure communication network that uses quantum cryptography.
A quantum cryptography network consists of a quantum key distribution network and a classical communication network. The quantum key distribution network performs key distribution and generates the quantum keys used for encryption; the classical communication network uses those quantum keys for encrypted transmission of communication data. Each network device in the quantum cryptography network comprises both a classical communication sub-device and a key distribution sub-device: the classical communication sub-devices communicate with each other over a classical channel, and the key distribution sub-devices over a quantum channel.
A quantum cryptography network is an encrypted communication network with high security requirements, and only legitimate network devices may join it, so every network device that accesses the network must be identity-authenticated. In the prior art, an authentication protocol from classical networks is used for this, for example the Kerberos protocol. In Kerberos, a fixed shared key between network devices encrypts the session key; to prevent replay, device identity is authenticated with a timestamp mechanism, and after authentication the devices communicate under the session key. If a malicious network device is clock-synchronised with the devices in the quantum cryptography network, the timestamp check alone cannot reject a replayed message within the validity window (RFC 4120 therefore requires application servers without other replay protection to keep a replay cache of the authenticators seen within the clock-skew window; the approach below removes the dependence on clocks altogether by never encrypting under the same shared key twice).
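To make the failure mode concrete, the following is an added Python example written for this page (it is not part of the patent and is not the assignee's code) of a Kerberos-style authenticator check: a 300 s clock-skew window, an attacker who is clock-synchronised and replays a captured authenticator inside that window, and the server-side replay cache that RFC 4120 calls for. The MAC-based authenticator, the client name `node-01` and the 300 s window are assumptions made for the demonstration; Kerberos itself encrypts the authenticator rather than MACing it.

```python
# Added example, not from the patent: a Kerberos-style authenticator check with a clock-skew
# window, the replay a clock-synchronised attacker can mount inside that window, and the
# server-side replay cache RFC 4120 calls for. The MAC-based authenticator is a simplification.
import hashlib, hmac, secrets, time

CLOCK_SKEW = 300                  # seconds; the conventional Kerberos maximum clock skew

def make_authenticator(session_key, client, ts):
    """Client side: bind the client name and its current time under the session key."""
    body = len(client).to_bytes(1, "big") + client + ts.to_bytes(8, "big")
    return body + hmac.new(session_key, body, hashlib.sha256).digest()

def verify_authenticator(session_key, auth, now, skew=CLOCK_SKEW, replay_cache=None):
    """Server side. Returns True when the authenticator is accepted.
    replay_cache is a set of tags seen inside the window; None models a server without one."""
    body, tag = auth[:-32], auth[-32:]
    if not hmac.compare_digest(tag, hmac.new(session_key, body, hashlib.sha256).digest()):
        return False                                # forged, or wrong session key
    ts = int.from_bytes(body[-8:], "big")
    if abs(now - ts) > skew:
        return False                                # stale: outside the validity window
    if replay_cache is not None:
        if tag in replay_cache:
            return False                            # same authenticator seen before
        replay_cache.add(tag)                       # a real cache also evicts entries older than skew
    return True

def demo():
    key, t0 = secrets.token_bytes(32), int(time.time())
    auth = make_authenticator(key, b"node-01", t0)    # captured on the wire by the attacker
    results = {
        "legitimate": verify_authenticator(key, auth, t0),
        "replay_in_window_no_cache": verify_authenticator(key, auth, t0 + 30),
        "replay_after_window": verify_authenticator(key, auth, t0 + 2 * CLOCK_SKEW),
    }
    cache = set()
    verify_authenticator(key, auth, t0, replay_cache=cache)           # first presentation
    results["replay_in_window_with_cache"] = verify_authenticator(key, auth, t0 + 30, replay_cache=cache)
    return results
```

`demo()` shows the point of the paragraph: the replayed authenticator at `t0 + 30` passes the timestamp check on a server with no replay cache, is rejected once a cache is kept, and is rejected by the window alone only after the skew has elapsed.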
Disclosure of Invention
The technical problem to be solved by the invention is to provide an encryption method and device, so that replay attack during identity authentication of network equipment can be effectively avoided.
Therefore, the technical scheme for solving the technical problem is as follows:
a method of encryption, the method comprising:
a first network device receives a first ciphertext and a first identifier sent by an AS (authentication server), where the first identifier identifies a first key in a first key set, and the first key set comprises a plurality of shared keys between the AS and a TGS (ticket-granting server);
the first network equipment acquires a second secret key, wherein the second secret key is a shared secret key of the first network equipment and the AS;
the first network equipment decrypts the first ciphertext according to the second key to obtain a second ciphertext, the second ciphertext is a ciphertext obtained by encrypting first session information by the first key, the first session information comprises a third key, and the third key is a session key of the first network equipment and the TGS;
the first network equipment sends the second ciphertext and the first identifier to the TGS, so that the TGS can obtain the first key according to the first identifier, decrypt the second ciphertext and obtain the third key;
The first network device receives a third ciphertext and a second identifier sent by the TGS, the second identifier is used for identifying a fourth key in a second key set, the second key set comprises a plurality of shared keys of the TGS and a second network device, the third ciphertext is a ciphertext obtained by encrypting second session information by the fourth key, the second session information comprises a fifth key, and the fifth key is a session key of the first network device and the second network device;
and the first network equipment sends the third ciphertext and the second identifier to the second network equipment, so that the second network equipment can obtain the fourth key according to the second identifier, decrypt the third ciphertext and obtain the fifth key.
In one example of the above-mentioned method,
the second ciphertext is a ciphertext obtained by doubly encrypting the first session information by a first sub-key and a second sub-key, and the first sub-key and the second sub-key are two sub-keys obtained by dividing the first key according to the type of an encryption algorithm;
and/or
the third ciphertext is a ciphertext obtained by doubly encrypting the second session information by using a third sub-key and a fourth sub-key, and the third sub-key and the fourth sub-key are two sub-keys obtained by dividing the fourth key according to the type of an encryption algorithm.
In one example of the above-mentioned method,
the first identifier is used for identifying an unused first key in the first key set;
and/or
the second identifier is used to identify an unused fourth key in the second set of keys.
In one example, the first network device sending the second ciphertext and the first identifier to the TGS includes:
and the first network equipment sends the second ciphertext, the first identifier and the identifier of the first network equipment to the TGS, the identifier of the first network equipment is used for the TGS to carry out identity authentication on the first network equipment, and when the TGS passes the identity authentication on the first network equipment, the first network equipment is executed to receive a third ciphertext and a second identifier sent by the TGS.
In one example, the first network device sending the third ciphertext and the second identifier to the second network device includes:
and the first network equipment sends the third ciphertext, the second identifier and the identifier of the first network equipment to the second network equipment, wherein the identifier of the first network equipment is used for the second network equipment to carry out identity authentication on the first network equipment.
In one example of the above-mentioned method,
the first network equipment sends a first random number to the AS;
the decrypting, by the first network device, the first ciphertext according to the second key to obtain a second ciphertext includes:
the first network equipment decrypts the first ciphertext according to the second key to obtain a second ciphertext and a second random number;
and the first network device judges whether the first random number is consistent with the second random number, and if so, authenticates the AS as legitimate.
In one example, the first network device sending the third ciphertext and the second identifier to the second network device includes:
the first network equipment sends the third ciphertext, the second identifier and a third random number to the second network equipment;
the first network device receives the identity authentication information sent by the second network device, and authenticates the validity of the second network device according to the fifth key and the identity authentication information, and the method specifically includes:
the first network device receives a first hash value and a fourth random number sent by the second network device, wherein the first hash value is obtained by performing hash operation on the third random number, the fifth key and the fourth random number;
and the first network device calculates a second hash value over the third random number, the fifth key and the received fourth random number, judges whether the first hash value is consistent with the second hash value, and if so, authenticates the second network device as legitimate.
In one example of the above-mentioned method,
the first network device further sends a third identifier to the AS, where the third identifier is used to identify a second key in a third key set, and the third key set includes a plurality of shared keys of the first network device and the AS;
the first network device obtaining the second key comprises:
and the first network equipment acquires the second key from a third key set according to the third identifier.
In one example, the receiving, by the first network device, the first ciphertext and the first identifier sent by the AS includes:
the first network equipment receives a third identifier sent by the AS;
the obtaining, by the first network device, the second key includes:
and the first network equipment acquires the second key according to the third identifier.
In one example, the third identifier is used to identify an unused second key in the third set of keys, the method further comprising:
and after the first network equipment decrypts the first ciphertext according to the second key to obtain a second ciphertext, the first network equipment sets the second key in the third key set as used.
A method of encryption, the method comprising:
the AS acquires a first key and a first identifier from a first key set, acquires a second key and generates a third key, wherein the first identifier is used for identifying the first key, the second key is a shared key of a first network device and the AS, the third key is a session key of the first network device and a TGS, and the first key set comprises a plurality of shared keys of the AS and the TGS;
the AS encrypts first information by using the first key to obtain a second ciphertext, wherein the first information comprises the third key;
the AS encrypts second information by using the second key to obtain a first ciphertext, wherein the second information comprises the second ciphertext;
and the AS sends the first ciphertext and the first identifier to the first network equipment.
In one example, the AS encrypting the first information by using the first key to obtain the second ciphertext comprises:
the AS divides the first key according to the type of the encryption algorithm to obtain a first sub-key and a second sub-key;
the AS encrypts the first information by using the first sub-key to obtain an initial ciphertext;
And the AS encrypts the initial ciphertext by using the second sub-key to obtain the second ciphertext.
In one example, the AS obtaining the first key from the first key set includes:
the AS obtains an unused first key from the first key set.
In one example of the above-mentioned method,
the AS further receives a random number from the first network device, and the encrypting, by the AS, of the second information with the second key to obtain the first ciphertext comprises:
and the AS encrypts the second ciphertext, the third key and the random number by using the second key to obtain the first ciphertext.
In one example of the above-mentioned method,
the AS also receiving a second identification from the first network device;
the AS acquiring the second key comprises:
and the AS obtains a second key identified by the second identifier from a second key set according to the second identifier, wherein the second key set comprises a plurality of shared keys of the first network equipment and the AS.
In one example, the AS obtaining the second key comprises:
the AS acquires a second key from a second key set and acquires a second identifier, wherein the second identifier is used for identifying the second key in the second key set;
The sending, by the AS, the first ciphertext and the first identifier to the first network device includes:
and the AS sends the first ciphertext, the first identifier and the second identifier to the first network equipment.
In one example, the second key is an unused key of the second set of keys, the method further comprising:
the AS marks the second key in the second set of keys as used.
A method of encryption, the method comprising:
the TGS receives a first ciphertext and a first identifier sent by first network equipment;
the TGS obtains a first key from a first key set according to the first identifier, wherein the first key set comprises a plurality of shared keys between the AS and the TGS;
the TGS decrypts the first ciphertext with the first key to obtain a second key, wherein the second key is a session key of the first network device and the TGS;
the TGS obtains a third key and a second identifier from a second set of keys, the second set of keys comprising a plurality of shared keys between the TGS and a second network device, the second identifier identifying the third key;
the TGS generates a fourth key, the fourth key being a session key of the first network device and the second network device;
The TGS encrypts first session information by using the second key to generate a second ciphertext, and encrypts second session information by using the third key to generate a third ciphertext, wherein the first session information comprises the fourth key, and the second session information comprises the fourth key;
the TGS sends the second ciphertext, the third ciphertext, and the second identifier to the first network device.
In one example, the TGS decrypting the first ciphertext with the first key to obtain a second key comprises:
the TGS divides the first key according to the type of encryption algorithm adopted by the AS to obtain a first sub-key and a second sub-key;
the TGS decrypts the first ciphertext by using the second sub-key to obtain a first initial ciphertext;
and the TGS decrypts the first initial ciphertext by using the first sub-key to obtain the second key.
In one example, the TGS encrypting the second session information with the third key to generate a third ciphertext comprises:
the TGS divides the third key according to the type of the encryption algorithm to obtain a third sub-key and a fourth sub-key;
The TGS encrypts the second session information by using the third sub-key to obtain a second initial ciphertext;
and the TGS encrypts the second initial ciphertext by using the fourth subkey to obtain the third ciphertext.
In one example, the first identifier is used to identify an unused first key in a first set of keys, the method further comprising:
the TGS sets the first key of the first set of keys to used;
and/or
the TGS obtains an unused third key from the second set of keys.
In one example, the TGS receiving the first ciphertext and the first identifier sent by the first network device includes:
the TGS receives a first ciphertext, a first identifier and an identifier of a first network device, which are sent by the first network device;
the TGS decrypts the first ciphertext by using the first key to obtain a decrypted device identifier;
and the TGS identifies whether the identifier of the first network equipment is the same as the identifier of the decrypted equipment, and if so, the identity authentication of the first network equipment is passed.
A method of encryption, the method comprising:
the second network equipment receives the ciphertext and the key identification sent by the first network equipment;
The second network equipment obtains a first key from a key set according to the key identification, wherein the key set comprises a plurality of shared keys of the second network equipment and the TGS;
and the second network equipment decrypts the ciphertext according to the first key to obtain a second key, wherein the second key is a session key of the first network equipment and the second network equipment.
In one example, the second network device decrypting the ciphertext according to the first key to obtain a second key includes:
the second network device divides the first key according to the type of encryption algorithm adopted by the TGS to obtain a first sub-key and a second sub-key;
the second network device decrypts the ciphertext with the first sub-key to obtain an initial ciphertext;
and the second network device decrypts the initial ciphertext with the second sub-key to obtain the second key.
In one example, the receiving, by the second network device, the ciphertext and the key identification sent by the first network device includes:
the second network equipment receives the ciphertext, the key identification and the identification of the first network equipment, which are sent by the first network equipment;
The second network equipment decrypts the ciphertext according to the first key to obtain a decrypted equipment identifier;
and the second network equipment identifies whether the identifier of the first network equipment is the same as the decrypted equipment identifier, and if so, the identity authentication of the first network equipment is passed.
In one example, the key identification is used to identify an unused first key in the set of keys, the method further comprising:
the second network device identifies the first key in the set of keys as used.
In one example of the above-mentioned method,
the second network device receiving the ciphertext and the key identifier sent by the first network device includes:
the second network equipment receives the ciphertext, the key identification and the first random number sent by the first network equipment;
the second network device generates identity authentication information according to the second key and sends the identity authentication information to the first network device for identity authentication, and the method specifically includes:
the second network device generating a second random number;
the second network equipment performs hash operation on the second key, the first random number and the second random number to obtain a first hash value;
And the second network equipment sends the first hash value and the second random number to the first network equipment for identity authentication.
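The four method sides above (first network device, AS, TGS and second network device), together with the sub-key double encryption, the unused-key identifiers and the nonce and hash checks, fit together as follows. This is an added, self-contained Python simulation written for this page, not the patent's or the assignee's code. Its assumptions: an HMAC-SHA256 stream cipher with an HMAC tag stands in for the unspecified encryption algorithm, each 32-byte pool key is divided into two 16-byte sub-keys, in-memory `KeyPool` objects stand in for the QKD-distributed key stores, and the party and device names (`AS`, `TGS`, `Service`, `node-01`) are illustrative. Variable names follow the first-network-device view of the method: `k_as_tgs` is the first key (first identifier `id_as_tgs`), `k_c_as` the second key (third identifier `id_c_as`), `k_c_tgs` the third key, `k_tgs_s` the fourth key (second identifier `id_tgs_s`) and `k_c_s` the fifth key. Decryption peels the sub-key layers in the reverse of the order in which they were applied.

```python
# Added example, not the patent's code: all four sides of the indexed one-time-key exchange. Stand-ins assumed here:
# HMAC-SHA256 stream cipher + HMAC tag for the unspecified cipher, 32-byte pool keys split into two 16-byte sub-keys,
# in-memory KeyPool objects for the QKD-distributed key stores.
import hashlib, hmac, secrets

TAG, HALF = 16, 16                # tag length; sub-key length after dividing a 32-byte pool key

def _xor_stream(key, data):
    ks, ctr = bytearray(), 0
    while len(ks) < len(data):
        ks += hmac.new(key, b"enc" + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt(key, pt):
    ct = _xor_stream(key, pt)
    return ct + hmac.new(key, b"mac" + ct, hashlib.sha256).digest()[:TAG]

def decrypt(key, blob):
    ct, tag = blob[:-TAG], blob[-TAG:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + ct, hashlib.sha256).digest()[:TAG]):
        raise ValueError("integrity check failed: wrong key or tampered ciphertext")
    return _xor_stream(key, ct)

def double_encrypt(key, pt):      # sender: first sub-key inside, second sub-key outside
    return encrypt(key[HALF:], encrypt(key[:HALF], pt))

def double_decrypt(key, ct):      # receiver: peel the outer (second) sub-key first
    return decrypt(key[:HALF], decrypt(key[HALF:], ct))

class KeyPool:
    """One party's copy of a pairwise key set; the peer holds an identical copy."""
    def __init__(self, keys):
        self.keys, self.used = dict(enumerate(keys)), set()
    def take_unused(self):        # chooser side: a fresh key and its identifier
        kid = min(k for k in self.keys if k not in self.used)
        self.used.add(kid); return kid, self.keys[kid]
    def consume(self, kid):       # receiver side: a reused identifier is a replay
        if kid in self.used:
            raise ValueError(f"identifier {kid} already used: replay rejected")
        self.used.add(kid); return self.keys[kid]

class AS:
    def __init__(self, pool_c, pool_tgs):
        self.pool_c, self.pool_tgs = pool_c, pool_tgs
    def handle(self, client_id, nonce1, id_c_as):
        k_c_as = self.pool_c.consume(id_c_as)               # "second key", via the third identifier
        id_as_tgs, k_as_tgs = self.pool_tgs.take_unused()   # "first key" and "first identifier"
        k_c_tgs = secrets.token_bytes(32)                   # "third key": client<->TGS session key
        second_ct = double_encrypt(k_as_tgs, k_c_tgs + client_id)
        return encrypt(k_c_as, k_c_tgs + nonce1 + second_ct), id_as_tgs   # "first ciphertext"

class TGS:
    def __init__(self, pool_as, pool_s):
        self.pool_as, self.pool_s = pool_as, pool_s
    def handle(self, second_ct, id_as_tgs, client_id):
        k_as_tgs = self.pool_as.consume(id_as_tgs)          # raises on a replayed identifier
        blob = double_decrypt(k_as_tgs, second_ct)          # third key || client identifier
        if blob[32:] != client_id:
            raise ValueError("client identifier mismatch")
        id_tgs_s, k_tgs_s = self.pool_s.take_unused()       # "fourth key" and "second identifier"
        k_c_s = secrets.token_bytes(32)                     # "fifth key": client<->service session key
        third_ct = double_encrypt(k_tgs_s, k_c_s + client_id)
        return encrypt(blob[:32], k_c_s), third_ct, id_tgs_s

class Service:
    def __init__(self, pool_tgs):
        self.pool_tgs, self.session_key = pool_tgs, None
    def handle(self, third_ct, id_tgs_s, client_id, nonce3):
        blob = double_decrypt(self.pool_tgs.consume(id_tgs_s), third_ct)
        if blob[32:] != client_id:
            raise ValueError("client identifier mismatch")
        self.session_key, nonce4 = blob[:32], secrets.token_bytes(16)
        return hashlib.sha256(nonce3 + self.session_key + nonce4).digest(), nonce4

class Client:
    def __init__(self, client_id, pool_as):
        self.id, self.pool_as, self.last_tgs_request = client_id, pool_as, None
    def run(self, as_, tgs, svc):
        nonce1 = secrets.token_bytes(16)
        id_c_as, k_c_as = self.pool_as.take_unused()        # marks the "second key" used locally
        first_ct, id_as_tgs = as_.handle(self.id, nonce1, id_c_as)
        blob = decrypt(k_c_as, first_ct)
        k_c_tgs, echoed, second_ct = blob[:32], blob[32:48], blob[48:]
        if echoed != nonce1:
            raise ValueError("AS failed the nonce check")
        self.last_tgs_request = (second_ct, id_as_tgs, self.id)   # kept so demo() can replay it
        for_client, third_ct, id_tgs_s = tgs.handle(*self.last_tgs_request)
        k_c_s, nonce3 = decrypt(k_c_tgs, for_client), secrets.token_bytes(16)
        h1, nonce4 = svc.handle(third_ct, id_tgs_s, self.id, nonce3)
        if not hmac.compare_digest(h1, hashlib.sha256(nonce3 + k_c_s + nonce4).digest()):
            raise ValueError("service failed the hash check")
        return k_c_s

def demo():
    def pair(n=4):                # identical copies, as QKD would leave at both ends
        ks = [secrets.token_bytes(32) for _ in range(n)]
        return KeyPool(ks), KeyPool(ks)
    (c_as, as_c), (as_tgs, tgs_as), (tgs_s, s_tgs) = pair(), pair(), pair()
    as_, tgs, svc = AS(as_c, as_tgs), TGS(tgs_as, tgs_s), Service(s_tgs)
    client = Client(b"node-01", c_as)
    k_c_s = client.run(as_, tgs, svc)
    try:                          # attacker replays the captured TGS request verbatim
        tgs.handle(*client.last_tgs_request)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return k_c_s == svc.session_key, replay_rejected
```

`demo()` returns `(True, True)`: the client and the service agree on the fifth key, and a verbatim replay of the client's TGS request is rejected by `KeyPool.consume` because the first identifier has already been marked used, before any decryption or clock comparison takes place. Each run consumes one key from each of the three pools, which is the cost the scheme pays for not reusing shared keys.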
A first network device, the first network device comprising:
a first receiving unit, configured to receive a first ciphertext and a first identifier sent by an AS, where the first identifier is used to identify a first key in a first key set, and the first key set includes a plurality of shared keys of the AS and a TGS;
an obtaining unit, configured to obtain a second key, where the second key is a shared key of the first network device and the AS;
a decryption unit, configured to decrypt the first ciphertext according to the second key to obtain a second ciphertext, where the second ciphertext is a ciphertext obtained by encrypting, by the first key, first session information, where the first session information includes a third key, and the third key is a session key between the first network device and the TGS;
a first sending unit, configured to send the second ciphertext and the first identifier to the TGS, so that the TGS obtains the first key according to the first identifier, and decrypts the second ciphertext to obtain the third key;
a second receiving unit, configured to receive a third ciphertext and a second identifier sent by the TGS, where the second identifier is used to identify a fourth key in a second key set, the second key set includes a plurality of shared keys between the TGS and a second network device, the third ciphertext is a ciphertext obtained by encrypting second session information with the fourth key, the second session information includes a fifth key, and the fifth key is a session key of the first network device and the second network device;
a second sending unit, configured to send the third ciphertext and the second identifier to the second network device, so that the second network device obtains the fourth key according to the second identifier, and decrypts the third ciphertext to obtain the fifth key.
In one example of the above-mentioned method,
the second ciphertext is a ciphertext obtained by doubly encrypting the first session information by a first sub-key and a second sub-key, and the first sub-key and the second sub-key are two sub-keys obtained by dividing the first key according to the type of an encryption algorithm;
and/or
the third ciphertext is a ciphertext obtained by doubly encrypting the second session information by using a third sub-key and a fourth sub-key, and the third sub-key and the fourth sub-key are two sub-keys obtained by dividing the fourth key according to the type of an encryption algorithm.
In one example of the above-mentioned method,
the first identifier is used for identifying an unused first key in the first key set;
and/or
the second identifier is used to identify an unused fourth key in the second set of keys.
In one example of the above-mentioned method,
the first sending unit is specifically configured to send the second ciphertext, the first identifier, and the identifier of the first network device to the TGS, where the identifier of the first network device is used for performing identity authentication on the first network device by the TGS, and when the identity authentication on the first network device by the TGS passes, the second receiving unit is executed to receive a third ciphertext and a second identifier sent by the TGS.
In one example of the above-mentioned method,
the second sending unit is specifically configured to send the third ciphertext, the second identifier, and the identifier of the first network device to the second network device, where the identifier of the first network device is used by the second network device to perform identity authentication on the first network device.
In one example, the first network device further comprises:
a third sending unit, configured to send the first random number to the AS;
the decryption unit comprises:
The decryption subunit is used for decrypting the first ciphertext according to the second key to obtain a second ciphertext and a second random number;
and the first authentication subunit is used for judging whether the first random number is consistent with the second random number or not, and if so, authenticating the AS to be legal.
In one example of the above-mentioned method,
the second sending unit is specifically configured to send the third ciphertext, the second identifier, and a third random number to the second network device;
the first network device further comprises:
the authentication unit is used for receiving the identity authentication information sent by the second network equipment and authenticating the validity of the second network equipment according to the fifth secret key and the identity authentication information;
the authentication unit includes:
a receiving subunit, configured to receive a first hash value and a fourth random number sent by the second network device, where the first hash value is obtained by performing hash operation on the third random number, the fifth key, and the fourth random number;
and the second authentication subunit is configured to calculate a second hash value according to the fourth random number, determine whether the first hash value is consistent with the second hash value, and authenticate the second network device as being legal if the first hash value is consistent with the second hash value.
In one example, the first network device further comprises:
a fourth sending unit, configured to send a third identifier to the AS, where the third identifier is used to identify a second key in a third key set, and the third key set includes a plurality of shared keys between the first network device and the AS;
the obtaining unit is specifically configured to obtain the second key from a third key set according to the third identifier.
In an example, the first receiving unit is specifically configured to receive a third identifier sent by the AS;
the obtaining unit is specifically configured to obtain the second key according to the third identifier.
In one example, the third identifier is used to identify an unused second key in the third set of keys, and the first network device further includes:
and the setting unit is used for setting the second key in the third key set to be used after the first network equipment decrypts the first ciphertext according to the second key to obtain a second ciphertext.
An AS server, the AS server comprising:
an obtaining unit, configured to obtain a first key and a first identifier from a first key set, obtain a second key, and generate a third key, where the first identifier is used to identify the first key, the second key is a shared key of a first network device and the AS, the third key is a session key of the first network device and a TGS, and the first key set includes a plurality of shared keys between the AS and the TGS;
A first encryption unit, configured to encrypt first information with the first key to obtain a second ciphertext, where the first information includes the third key;
a second encryption unit, configured to encrypt second information with the second key to obtain a first ciphertext, where the second information includes the second ciphertext;
and the sending unit is used for sending the first ciphertext and the first identifier to the first network equipment.
In one example, the first encryption unit includes:
a dividing subunit, configured to divide the first key according to the type of the encryption algorithm, to obtain a first sub-key and a second sub-key;
the first encryption subunit is used for encrypting the first information by using the first subkey to obtain an initial ciphertext;
and the second encryption subunit is configured to encrypt the initial ciphertext by using the second subkey to obtain the second ciphertext.
In one example of the above-mentioned method,
the obtaining unit is specifically configured to obtain an unused first key from the first key set.
In one example, the second encryption unit includes:
a first receiving subunit, configured to receive a random number from the first network device;
And the third encryption subunit is configured to encrypt the second ciphertext, the third key, and the random number by using the second key to obtain the first ciphertext.
In one example, the obtaining unit includes:
a second receiving subunit, configured to receive a second identifier from the first network device;
and the obtaining subunit is configured to obtain, according to the second identifier, a second key identified by the second identifier from a second key set, where the second key set includes a plurality of shared keys of the first network device and the AS.
In an example, the obtaining unit is specifically configured to obtain a second key from a second key set, and obtain a second identifier, where the second identifier is used to identify the second key in the second key set;
the sending unit is specifically configured to send the first ciphertext, the first identifier, and the second identifier to the first network device.
In one example, the second key is an unused key in the second set of keys, and the AS server further includes:
an identifying unit configured to identify the second key in the second key set as used.
A TGS server, comprising:
the receiving unit is used for receiving a first ciphertext and a first identifier sent by first network equipment;
a first obtaining unit, configured to obtain a first key from a first key set according to the first identifier, where the first key set includes shared keys of multiple ASs and the TGS;
a decryption unit, configured to decrypt the first ciphertext with the first key to obtain a second key, where the second key is a session key of the first network device and the TGS;
a second obtaining unit, configured to obtain a third key and a second identifier from a second key set, where the second key set includes a plurality of shared keys of the TGS and a second network device, and the second identifier is used to identify the third key;
a generation unit configured to generate a fourth key, where the fourth key is a session key of the first network device and the second network device;
an encrypting unit, configured to encrypt first session information with the second key to generate a second ciphertext, and encrypt second session information with the third key to generate a third ciphertext, where the first session information includes the fourth key, and the second session information includes the fourth key;
And the sending unit is used for sending the second ciphertext, the third ciphertext and the second identifier to the first network device.
In one example, the decryption unit includes:
the first dividing unit is used for dividing the first key according to the type of the encryption algorithm adopted by the AS to obtain a first sub-key and a second sub-key;
the first decryption subunit is configured to decrypt the first ciphertext by using the second subkey to obtain a first initial ciphertext;
and the second decryption subunit is used for decrypting the first initial ciphertext by using the first subkey to obtain the second key.
In one example, the encryption unit includes:
the second dividing subunit is used for dividing the third secret key according to the type of the encryption algorithm to obtain a third sub-secret key and a fourth sub-secret key;
the first encryption subunit is configured to encrypt the second session information by using the third sub-key to obtain a second initial ciphertext;
and the second encryption subunit is configured to encrypt the second initial ciphertext by using the fourth subkey to obtain the third ciphertext.
In one example, the first identifier is used to identify an unused first key in a first set of keys, the TGS server further comprises:
A first setting unit configured to set the first key in the first key set as used;
and/or
the second obtaining unit is specifically configured to obtain an unused third key from the second key set.
In one example, the receiving unit includes:
a receiving subunit, configured to receive a first ciphertext, a first identifier, and an identifier of a first network device, where the first ciphertext, the first identifier, and the identifier of the first network device are sent by the first network device;
the decryption subunit is configured to decrypt the first ciphertext by using the first key to obtain a decrypted device identifier;
and the identification subunit is used for identifying whether the identifier of the first network device is the same as the identifier of the decrypted device, and if so, passing the identity authentication of the first network device.
A second network device, the second network device comprising:
the receiving unit is used for receiving the ciphertext and the key identification sent by the first network equipment;
an obtaining unit, configured to obtain a first key from a key set according to the key identifier, where the key set includes a plurality of shared keys of the second network device and the TGS;
and the decryption unit is used for decrypting the ciphertext according to the first key to obtain a second key, wherein the second key is a session key of the first network device and the second network device.
In one example, the decryption unit includes:
the dividing subunit is used for dividing the first secret key according to the type of the encryption algorithm adopted by the TGS to obtain a first sub-secret key and a second sub-secret key;
the first decryption subunit is used for decrypting the ciphertext by using the first sub-key to obtain an initial ciphertext;
and the second decryption subunit is used for decrypting the initial ciphertext by using the second subkey to obtain the second key.
In one example, the receiving unit includes:
the first receiving subunit is configured to receive a ciphertext, a key identifier, and an identifier of the first network device, where the ciphertext, the key identifier, and the identifier are sent by the first network device;
the third decryption subunit is used for decrypting the ciphertext according to the first key to obtain a decrypted device identifier;
and the identification subunit is used for identifying whether the identifier of the first network device is the same as the decrypted device identifier, and if so, passing the identity authentication of the first network device.
In one example, the key identification is used to identify an unused first key in the set of keys, and the second network device further includes:
an identifying unit configured to identify the first key in the key set as used.
In one example of the above-mentioned method,
the receiving unit is specifically configured to receive a ciphertext, a key identifier, and a first random number sent by the first network device; the second network device further comprises:
the authentication unit is configured to generate identity authentication information according to the second key, send the identity authentication information to the first network device, and perform identity authentication, and specifically includes:
a generation subunit configured to generate a second random number;
the calculating subunit is configured to perform a hash operation on the second key, the first random number, and the second random number to obtain a first hash value;
and the sending subunit is configured to send the first hash value and the second random number to the first network device for identity authentication.
A system for encryption, the system comprising:
at least one first network device as described above, an AS server as described above, a TGS server as described above, and at least one second network device as described above.
According to the technical scheme, the invention has the following beneficial effects:
the embodiment of the invention provides an encryption method, wherein AS sends a first ciphertext and a first identifier to a first network device, the first network device obtains a second key to decrypt the first ciphertext to obtain a second ciphertext, the second ciphertext is a ciphertext obtained by encrypting the first key identified by the first identifier, the first network device sends the second ciphertext and the first identifier to a TGS, the TGS obtains the first key according to the first identifier, and decrypts the second ciphertext to obtain a third key; the TGS sends a third ciphertext and a second identifier to the first network device, the third ciphertext is a ciphertext obtained by encrypting a fourth key corresponding to the second identifier, the first network device sends the third ciphertext and the second identifier to the second network device, and the second network device obtains the fourth key according to the second identifier, decrypts the third ciphertext and obtains a fifth key. When the third key and the fifth key are encrypted, the adopted first key is one key in a first key set identified by the first identifier, the fourth key is one key in a second key set identified by the second identifier, namely, the shared key of the AS and the TGS and the shared key of the TGS and the second network device are not fixed keys but variable, and the malicious device cannot obtain the shared key between the devices through replay attack, so that replay attack generated during identity authentication is effectively avoided.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a system to which an encryption method according to an embodiment of the present invention is applied;
FIG. 2 is a timing diagram illustrating an example of an encryption method according to an embodiment of the present invention;
fig. 3 is a flowchart of a dual encryption method according to an embodiment of the present invention;
FIG. 4 is a flowchart of a double decryption method according to an embodiment of the present invention;
FIG. 5 is a timing diagram illustrating another example of an encryption method according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a first network device according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an AS server according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a TGS server according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of a second network device according to an embodiment of the present invention;
Fig. 10 is a schematic structural diagram of an encryption system according to an embodiment of the present invention.
Detailed Description
In order to provide an implementation scheme for avoiding replay attack generated when a network device performs identity authentication, the embodiment of the present invention provides an encryption method, and the following describes a preferred embodiment of the present invention with reference to the drawings of the specification.
Fig. 1 is a schematic structural diagram of a system to which the encryption method provided in the embodiment of the present invention is applied. The system includes a first network device 101, an Authentication Server (AS) 102, a Ticket Granting Server (TGS) 103 and a second network device 104, where the first network device 101 and the second network device 104 are both user terminal devices. When the first network device 101 requests to establish a session with the second network device 104, the AS 102 needs to perform identity authentication on the first network device 101. After the identity authentication of the first network device 101 passes, the AS 102 sends a ticket to the first network device 101 in encrypted form, the first network device 101 sends the ticket to the TGS 103, the TGS 103 returns a session key to the first network device 101 in encrypted form, and the first network device 101 communicates with the second network device 104 using the session key. The encryption method used in the above steps is described in detail below using specific examples.
Fig. 2 is a timing diagram of an encryption method according to an embodiment of the present invention, including:
201: the first network device sends an authentication request to an AS, wherein the authentication request comprises the identification of the first network device.
When a first network device wants to establish a session with a second network device, the first network device sends an authentication request to an AS. Step 201 is a step that has been completed before the implementation of the embodiments of the present invention.
202: and the AS acquires the first key and the first identifier from the first key set, acquires the second key and generates a third key.
After the AS receives the authentication request sent by the first network device, the AS generates a third key, wherein the third key is a session key between the first network device and the TGS. Wherein the third key may be a random number generated by the AS. I.e. the AS generates a session key between the first network device and the TGS. Here, the third key may be a random number generated by the true random number generator, or may be a quantum key random number generated by the quantum key distribution terminal.
The AS acquires the first key and the first identifier from the first key set. The second key is a shared key of the first network device and the AS, the first identifier is used for uniquely identifying the first key in a first key set, and the first key set comprises a plurality of shared keys of the AS and the TGS.
The first identifier can uniquely identify a first key in the first key set, and the first identifier may be a number corresponding to the first key, a pointer pointing to a storage area in the first key set, where the first key is stored, or a unique identifier generated for the first key. In the specific implementation, the specific expression of the first identifier is not limited as long as the first key can be uniquely identified.
The first key is a shared key of the AS and the TGS, i.e. both the AS and the TGS can obtain the first key from the first key set according to the first identifier. Therefore, a ciphertext that the AS produces by encrypting with the first key and an encryption algorithm can be decrypted by the TGS using the first key and the corresponding decryption algorithm. The decryption algorithm used by the TGS is the decryption algorithm corresponding to the encryption algorithm used by the AS.
In specific implementation, the AS and the TGS can be the same physical entity and can realize different functions; or may be a different physical entity. The AS and TGS may share a first set of keys comprising shared keys of a plurality of AS and TGS. The AS and the TGS may also respectively possess a first key set, and the first key set possessed by each of the AS and the TGS includes multiple identical shared keys, which are shared keys of both the AS and the TGS.
The AS acquires a first key from the first key set and acquires a first identifier which uniquely identifies the first key. In the prior art, the shared key of the AS and the TGS is unique and fixed, and even if a timestamp mechanism is adopted to authenticate the identity of the network equipment and the network equipment is attacked by replay of malicious network equipment, the malicious network equipment can acquire the shared key of the AS and the TGS within an effective timestamp range. However, the first key set of the present invention includes shared keys of multiple ASs and TGSs, the first key acquired by an AS each time is not fixed, and the first key is uniquely identified by a first identifier that can be identified by an AS and a TGS. Even if the attack is replayed by the malicious network equipment, the malicious network equipment cannot know the shared key of the AS and the TGS because the first key acquired by the AS from the first key set is not fixed.
In one example, the first key obtained by the AS from the first key set is an unused first key in the first key set, that is, the first identifier is used to identify the unused first key in the first key set. The shared key of each AS and TGS in the first key set is used only once and is not reused, so that the effectiveness of preventing replay attack is further improved.
The AS identifies, from the identifier of the first network device in the authentication request, that the authentication request was sent by the first network device. The AS obtains a second key, which is a shared key of the AS and the first network device. That is, a ciphertext that the AS produces by encrypting with the second key can be decrypted by the first network device using the second key and a decryption algorithm. The decryption algorithm used by the first network device is the decryption algorithm corresponding to the encryption algorithm used by the AS.
In one example, the second key may be a fixed shared key that the first network device has negotiated in advance with the AS. In another example, the AS obtains the second key from a third key set, where the third key set includes a plurality of shared keys of the first network device and the AS, that is, the AS obtains an unfixed shared key negotiated with the first network device.
It is to be understood that a fixed shared key or an unfixed shared key may be used between the first network device and the AS. Because the first secret key adopted when the second cryptograph is generated is not fixed, the generated second cryptograph also changes, and therefore, even if a fixed shared secret key is adopted between the first network device and the AS, the generated first cryptograph also changes, and replay attack can be effectively avoided. Of course, if the first network device and the AS also use an unfixed shared key, the security of the first ciphertext may be further increased.
When the first network device and the AS use an unfixed shared secret key, there are two possible implementations.
In a first possible implementation manner, the first network device selects the second key, and the authentication request further includes a third identifier, where the third identifier is used to identify the second key:
and the AS acquires the second key from the third key set according to the third identifier sent by the first network equipment.
In a second possible implementation, the AS selects the second key:
the AS acquires the second key and the third identifier from the third key set.
In the above two possible implementations, the second key identified by the third identifier may be an unused shared key in the third key set. Namely, after the shared key in the third key set is used once, the shared key is not reused, and the encryption security is further improved.
203: and the AS encrypts the first session information by using the first key to obtain a second ciphertext, and encrypts the second ciphertext by using the second key to obtain a first ciphertext, wherein the first session information comprises a third key.
The first session information includes the third key and also includes the identifier of the first network device. The second ciphertext is obtained by encrypting the third key and the identifier of the first network device with the first key. Because the first key is a shared key of the AS and the TGS, the TGS can also obtain the first key and decrypt the second ciphertext with it to obtain the third key and the identifier of the first network device; from the identifier of the first network device the TGS knows that the third key is the session key of the TGS and the first network device. Since the first session information containing the third key is encrypted with the shared key of the AS and the TGS, only the TGS can obtain the third key, which prevents a malicious network device from impersonating a party to the session between the TGS and the first network device.
The first ciphertext is a ciphertext obtained by encrypting the third key and the second ciphertext with the second key. Since the second key is a shared key of the first network device and the AS, the first network device may also obtain the second key, and decrypt the first ciphertext with the second key to obtain a third key and a second ciphertext. The first network device obtains the third key, i.e. the session key for which a session with the TGS is known. Although the first network device obtains the second ciphertext, the second ciphertext is obtained by encrypting the first key, the first key is the shared key of the AS and the TGS, and the first network device cannot acquire the shared key of the AS and the TGS, so that the first network device cannot decrypt the second ciphertext.
204: and the AS sends the first ciphertext and the first identifier to the first network equipment.
And the AS sends the generated first ciphertext and the first identifier to the first network equipment. In the prior art, the AS and the TGS use fixed shared keys, so the AS does not need to inform the TGS which shared key to use. In the present invention, there are multiple shared keys of the AS and the TGS, and in order to enable the TGS to obtain a correct first key to decrypt the second ciphertext, it is necessary to inform the TGS which shared key is used. The AS sends a first identifier uniquely identifying the first key to the first network device. The first identifier is sent by the first network device to the TGS, which may obtain a first key for decrypting the second ciphertext from the first identifier.
After the first network device receives the first identifier, because the first identifier is used to identify a first key in a first key set, where the first key set includes shared keys of multiple ASs and TGS, the first network device does not have the first key set, and thus cannot obtain the first key from the first key set according to the first identifier, and cannot decrypt the second ciphertext.
205: and the first network equipment acquires the second key, decrypts the first ciphertext according to the second key to acquire a second ciphertext, wherein the second key is a shared key of the first network equipment and the AS.
When the first network device receives the first ciphertext sent by the AS, the second key, that is, the shared key of the first network device and the AS, is obtained in order to decrypt the first ciphertext. In one example, the second key may be a fixed shared key that the first network device has negotiated in advance with the AS. In another example, the first network device obtains an unfixed shared key negotiated with the AS. The specific implementation manner is similar to the manner in which the AS in 202 obtains the second key, and reference is made to the description in 202 that the AS obtains the second key, which is not described herein again.
Corresponding to 202, when an unfixed shared key is used between the first network device and the AS, there are two possible implementations for the first network device to obtain the second key:
in a first possible implementation manner, the first network device selects the second key, and the authentication request further includes a third identifier, where the third identifier is used to identify the second key:
and the first network equipment acquires the second key from the third key set according to the third identifier.
The first network device selects the second key as a shared key with the AS and sends a third identifier identifying the second key to the AS; after receiving the first ciphertext, the first network device can obviously obtain the second key according to the third identifier.
In a second possible implementation manner, the AS selects the second key, and sends the first ciphertext, the first identifier, and the third identifier to the first network device:
and the first network equipment acquires the second key from the third key set according to the third identifier sent by the AS.
If the malicious network device receives the first ciphertext sent by the AS, the malicious network device cannot obtain the second key, and cannot decrypt the first ciphertext to obtain the second ciphertext and the third key. Therefore, the identity authentication of the AS to the first network equipment is realized.
And the first network equipment decrypts the first ciphertext by using the second key, wherein the adopted decryption algorithm is a decryption algorithm corresponding to the encryption algorithm adopted when the AS encrypts the second ciphertext by using the second key, and the second ciphertext and the third key are obtained after decryption. The first network device obtains the third key, and the first network device obtains a session key for a session with the TGS.
When an unfixed shared key is used between the first network device and the AS, and the third identifier identifies an unused second key in the third key set, the first network device sets the second key in the third key set as used after it successfully decrypts the first ciphertext with the second key. The first network device informs the AS that the decryption succeeded, and the AS also sets the second key in the third key set as used.
Although the first network device obtains the second ciphertext and also knows the plaintext it contains (the identifier of the first network device and the third key), the second ciphertext was encrypted with the unfixed shared key between the AS and the TGS, so the first network device cannot obtain that shared key through a replay attack; that is, the first network device cannot obtain the first key and cannot impersonate the AS or the TGS.
206: and the first network equipment sends the second ciphertext and the first identifier to the TGS.
207: and the TGS obtains a first key from the first key set according to the first identifier, and decrypts the second ciphertext by using the first key to obtain a third key.
And the first network equipment sends the second ciphertext and the first identifier to the TGS, and simultaneously sends the identifier of the second network equipment to the TGS to inform the TGS that the second network equipment is an object for establishing a session. The TGS obtains a first key from the first key set according to the first identifier, namely obtains a shared key of the TGS and the AS. The first key set is as described in 202, and is not described in detail here. The TGS may decrypt the second ciphertext using the first key to obtain a third key and an identifier of the first network device, where a decryption algorithm used by the TGS is a decryption algorithm corresponding to an encryption algorithm used by the AS when encrypting using the first key, and the third key is a session key between the TGS and the first network device.
In one example, the first identifier is used to identify an unused first key in the first key set, and the TGS sets the first key in the first key set as used after successfully decrypting the second ciphertext with the first key, i.e. each shared key of the TGS and the AS in the first key set is used only once. The TGS informs the AS that the second ciphertext was decrypted successfully, and the AS also sets the first key in the first key set as used.
The TGS also performs identity authentication on the first network device, and in the prior art, to prevent replay attack, before decrypting the ciphertext sent by the first network device, the TGS performs identity authentication on the first network device by using a timestamp mechanism, and when the identity authentication on the first network device passes, the TGS decrypts the ciphertext sent by the first network device. Certainly, the TGS in the present invention may also use a timestamp mechanism to perform identity authentication on the first network device. However, the present invention does not employ a time stamp mechanism to avoid replay attacks.
However, using a timestamp mechanism to authenticate the first network device adds system overhead. In the invention, an unfixed shared key is used between the AS and the TGS to avoid replay attacks. Therefore, the first network device may also send its identifier to the TGS; the TGS compares the identifier of the first network device with the device identifier obtained by decrypting the second ciphertext, and if the two are the same, the identity authentication of the first network device passes.
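The AS, first network device and TGS steps 202 to 207 just described (and the matching AS server and TGS server units in the claims above), simulated end to end as an added example; this is not code from the patent. It assumes the AS and TGS share one key set object, as the description permits, and uses an HMAC-SHA256 counter keystream as a stand-in for the unnamed encryption algorithm, with the first key split into two sub-keys for the two encryption layers; the function names (`as_issue`, `device_open`, `tgs_verify`) and the fixed field widths are mine.

```python
import hashlib
import hmac
import secrets

KEY_LEN, ID_LEN = 32, 8   # key size and fixed-width device identifier (constructed values)


def _keystream(key: bytes, n: int) -> bytes:
    # Stand-in cipher: the patent names no algorithm, so an HMAC-SHA256 counter
    # keystream is used purely for illustration.
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def split_key(key: bytes):
    """Dividing subunit: one shared key yields a first and a second sub-key."""
    return key[:len(key) // 2], key[len(key) // 2:]


def double_encrypt(key: bytes, data: bytes) -> bytes:
    """First sub-key gives the initial ciphertext; the second sub-key encrypts it again."""
    sub1, sub2 = split_key(key)
    return stream_xor(sub2, stream_xor(sub1, data))


def double_decrypt(key: bytes, data: bytes) -> bytes:
    """Reverse order: remove the second sub-key layer, then the first."""
    sub1, sub2 = split_key(key)
    return stream_xor(sub1, stream_xor(sub2, data))


class KeySet:
    """Shared key set (here the AS-TGS keys): each key has an identifier and is used once."""
    def __init__(self, keys):
        self._keys = dict(enumerate(keys))   # identifier -> key
        self._used = set()

    def take_unused(self):
        for ident, key in self._keys.items():
            if ident not in self._used:
                return ident, key
        raise RuntimeError("key set exhausted: provision new shared keys")

    def lookup(self, ident):
        if ident in self._used:
            raise ValueError("key %d already used: replayed ticket rejected" % ident)
        return self._keys[ident]

    def mark_used(self, ident):
        self._used.add(ident)


def as_issue(as_tgs_keys, k2, dev_id):
    """Steps 202-204: AS takes unused K1 and its identifier, generates K3, builds both ciphertexts."""
    first_id, k1 = as_tgs_keys.take_unused()
    k3 = secrets.token_bytes(KEY_LEN)               # session key device <-> TGS
    second_ct = double_encrypt(k1, k3 + dev_id)     # first session info under K1
    first_ct = stream_xor(k2, k3 + second_ct)       # wrapped under the device-AS key K2
    return first_ct, first_id


def device_open(k2, first_ct):
    """Step 205: the device decrypts with K2 and learns K3; the second ciphertext stays opaque."""
    plain = stream_xor(k2, first_ct)
    return plain[:KEY_LEN], plain[KEY_LEN:]


def tgs_verify(as_tgs_keys, second_ct, first_id, claimed_id):
    """Step 207: fetch K1 by identifier, decrypt, compare the device identifier, mark K1 used."""
    k1 = as_tgs_keys.lookup(first_id)
    plain = double_decrypt(k1, second_ct)
    k3, dec_id = plain[:KEY_LEN], plain[KEY_LEN:KEY_LEN + ID_LEN]
    if dec_id != claimed_id:
        raise ValueError("identifier mismatch: identity authentication failed")
    as_tgs_keys.mark_used(first_id)
    return k3


def _rejected(fn):
    try:
        fn()
        return False
    except ValueError:
        return True


def run_exchange():
    """Honest run, then two misuse cases; returns (keys_match, replay_rejected, forgery_rejected)."""
    key_set = KeySet([secrets.token_bytes(KEY_LEN) for _ in range(4)])  # constructed AS-TGS set
    k2 = secrets.token_bytes(KEY_LEN)                                   # constructed device-AS key
    dev_id = b"dev-0001"
    first_ct, first_id = as_issue(key_set, k2, dev_id)
    k3_dev, second_ct = device_open(k2, first_ct)
    k3_tgs = tgs_verify(key_set, second_ct, first_id, dev_id)
    # The same ticket presented again: K1 is already marked used, so the TGS refuses it.
    replay = _rejected(lambda: tgs_verify(key_set, second_ct, first_id, dev_id))
    # A fresh ticket issued for dev-0001 but presented under another identifier fails the comparison.
    ct2, id2 = as_issue(key_set, k2, dev_id)
    _, sct2 = device_open(k2, ct2)
    forgery = _rejected(lambda: tgs_verify(key_set, sct2, id2, b"dev-0002"))
    return k3_dev == k3_tgs, replay, forgery
```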
208: and the TGS acquires a fourth key and a second identifier from the second key set, generates a fifth key, and encrypts the second session information by using the fourth key to generate a third ciphertext.
When the identity authentication of the first network device is passed, the TGS generates a fifth key, which is a session key of the first network device and the second network device. Wherein the fifth key may be a random number generated by the TGS. Here, the fifth key may be a random number generated by the true random number generator, or may be a quantum key random number generated by the quantum key distribution terminal.
The TGS identifies, from the identifier of the second network device sent by the first network device, that the first network device wants to establish a session with the second network device, and the TGS obtains a fourth key and a second identifier from the second key set. The fourth key is a shared key of the TGS and the second network device, the second identifier uniquely identifies the fourth key in the second key set, and the second key set includes a plurality of shared keys of the TGS and the second network device.
The second identifier can uniquely identify a fourth key in the second key set, and the second identifier may be a number corresponding to the fourth key, a pointer pointing to a storage area in the second key set, where the fourth key is stored, or a unique identifier generated for the fourth key. In specific implementation, the specific expression of the second identifier is not limited, as long as the fourth key can be uniquely identified.
The fourth key is a shared key of the TGS and the second network device, i.e. both the TGS and the second network device can obtain the fourth key from the second key set according to the second identifier. Therefore, a ciphertext that the TGS produces by encrypting with the fourth key and an encryption algorithm can be decrypted by the second network device using the fourth key and the corresponding decryption algorithm. The decryption algorithm used by the second network device is the decryption algorithm corresponding to the encryption algorithm used by the TGS.
The TGS obtains a fourth key from the second key set and obtains a second identifier uniquely identifying the fourth key. In the prior art, the shared key of the TGS and the second network device is unique and fixed, so even if a timestamp mechanism is used for identity authentication of the network device, a malicious network device mounting a replay attack can obtain the shared key of the TGS and the second network device within the valid timestamp range. However, the second key set of the present invention includes a plurality of shared keys of the TGS and the second network device, the fourth key obtained by the TGS each time is not fixed, and it is uniquely identified by a second identifier that both the TGS and the second network device can resolve. Even if a malicious network device mounts a replay attack, it cannot learn the shared key of the TGS and the second network device, because the fourth key the TGS obtains from the second key set is not fixed.
In one example, the fourth key obtained by the TGS from the second key set is an unused key in the second key set, that is, the second identifier identifies an unused fourth key in the second key set. Each shared key of the TGS and the second network device in the second key set is used only once and never reused, which further improves the effectiveness against replay attacks.
After the TGS obtains the fourth key, the second session information is encrypted by using the fourth key to generate a third ciphertext, where the second session information includes the fifth key and also includes the identifier of the first network device. The second network device decrypts the third ciphertext by using the fourth key to obtain a fifth key and an identifier of the first network device, where the identifier of the first network device can inform the second network device that a session needs to be established with the first network device, and the fifth key is a session key for the session between the second network device and the first network device.
Meanwhile, the TGS holds the third key obtained by decrypting the second ciphertext, where the third key is the session key of the first network device and the TGS. The TGS also encrypts the fifth key and the identifier of the second network device with the third key to obtain a fourth ciphertext. The first network device also knows the third key, and may decrypt the fourth ciphertext to obtain the fifth key and the identifier of the second network device; once the first network device obtains the identifier of the second network device, it knows that the fifth key is the session key of the first network device and the second network device. This step is also necessarily performed in the prior art and is included in 208, so it is not described again here.
209: The TGS sends the third ciphertext and the second identifier to the first network device.
210: The first network device sends the third ciphertext and the second identifier to the second network device.
In practical application, the TGS further sends the fourth ciphertext to the first network device. Since the first network device knows the third key, i.e. its session key with the TGS, it decrypts the fourth ciphertext with the third key to obtain the identifier of the second network device and the fifth key. The first network device also receives the third ciphertext and the second identifier sent by the TGS, where the third ciphertext is obtained by encrypting the second session information with the fourth key, and the second session information includes the fifth key. This step is necessarily performed in the prior art and takes place before 210.
In the prior art, the third ciphertext is obtained by encrypting the second session information with the fixed shared key of the TGS and the second network device, where the second session information includes the fifth key and also the identifier of the first network device. The first network device decrypts the fourth ciphertext to obtain the fifth key, and since it also knows its own identifier, it knows the plaintext of the third ciphertext. The first network device may then obtain the fixed shared key of the TGS and the second network device using a replay attack, at which point it could impersonate the TGS in a session with the second network device.
To avoid the above problem in the prior art, the third ciphertext is encrypted with a fourth key from a second key set, identified by the second identifier, where the second key set comprises a plurality of shared keys of the TGS and the second network device. That is, the shared key of the TGS and the second network device used each time is not fixed, so the first network device cannot acquire it with a replay attack, and the security of the third ciphertext is improved. The first network device simply forwards the third ciphertext and the second identifier to the second network device.
211: The second network device obtains a fourth key from the second key set according to the second identifier, and decrypts the third ciphertext with the fourth key to obtain a fifth key.
The first network device sends the third ciphertext and the second identifier to the second network device, and the second network device obtains the fourth key from the second key set according to the second identifier, i.e. it obtains the shared key of the TGS and the second network device. The second key set is described in 208 and is not described in detail here. The second network device decrypts the third ciphertext with the fourth key to obtain the fifth key and the identifier of the first network device, where the decryption algorithm used by the second network device corresponds to the encryption algorithm the TGS used when encrypting with the fourth key, and the fifth key is the session key between the second network device and the first network device.
In one example, the second identifier identifies an unused fourth key in the second key set, and the second network device marks the fourth key in the second key set as used after successfully decrypting the third ciphertext with it, i.e. each shared key of the TGS and the second network device in the second key set is used only once. The second network device informs the TGS that the third ciphertext was decrypted successfully, and the TGS also marks the fourth key in the second key set as used.
In the prior art, in order to prevent replay attack, before decrypting the ciphertext sent by the first network device, the second network device performs identity authentication on the first network device by using a timestamp mechanism, and when the identity authentication on the first network device passes, the second network device decrypts the ciphertext sent by the first network device. Of course, the second network device in the present invention may also use a timestamp mechanism to perform identity authentication on the first network device. However, the present invention does not employ a time stamping mechanism to avoid replay attacks.
However, using the timestamp mechanism to authenticate the first network device adds system overhead. In the invention, a non-fixed shared key between the TGS and the second network device is used to avoid replay attacks. Therefore, the first network device may also send its identifier to the second network device, and the second network device compares that identifier with the identifier of the network device obtained by decrypting the third ciphertext; if the two are the same, the identity authentication of the first network device passes.
When the second network device has authenticated the first network device, it may use the fifth key to send identity authentication information to the first network device. The first network device authenticates the second network device using that identity authentication information, and after the second network device has been authenticated, the first network device and the second network device communicate using the fifth key.
From the above, the encryption method provided by the present invention has the following beneficial effects:
When the third key and the fifth key are encrypted, the first key used is one key in the first key set identified by the first identifier, and the fourth key used is one key in the second key set identified by the second identifier; that is, the shared key of the AS and the TGS and the shared key of the TGS and the second network device are not fixed but variable, so a malicious device cannot obtain the shared key between the devices through a replay attack, and replay attacks during identity authentication are effectively avoided.
Detailed description of the second ciphertext and the third ciphertext
The second ciphertext is a ciphertext obtained by encrypting the first session information by using the first key by the AS, and includes at least two possible implementation manners:
A first possible implementation:
The AS directly encrypts the first session information with the first key to obtain a second ciphertext.
In a first possible implementation manner, the AS directly encrypts the first session information to obtain a second ciphertext by using the first key and using a preset encryption algorithm.
For example: $K_{TGS}$ is the first key, $K_S$ is the third key and $A$ is the identifier of the first network device; $K_{TGS}$ is 256 bits long, $A$ is 128 bits long and $K_S$ is 256 bits long. $K_S \| A$ ($\|$ denotes concatenation) is encrypted with the AES encryption algorithm in CBC mode; since the data length of $K_S \| A$ is 384 bits, not a multiple of 256 bits, a random number $r_1$ of 128 bits is appended, and encryption gives $K_{TGS}(K_S \| A \| r_1)$, abbreviated $K_{TGS}(K_S, A)$.
The above example is only for better explaining the first possible implementation manner, and is not limited to the implementation manner in the above example, and other encryption algorithms may also be adopted, and the lengths of the first key, the third key, and the identifier of the first network device may be specifically set according to actual needs, which is not described in detail herein.
In a second possible implementation manner, as shown in fig. 3, the AS obtains the second ciphertext by dual encryption:
The AS divides the first key according to the type of the encryption algorithm to obtain a first sub-key and a second sub-key;
the AS encrypts the first session information by using the first sub-key to obtain a first initial ciphertext;
the AS encrypts the first initial ciphertext with the second sub-key to obtain a second ciphertext.
The AS divides the first key into two sub-keys according to the type of the encryption algorithm to obtain a first sub-key and a second sub-key, encrypts the first session information by using the first sub-key to obtain a first initial ciphertext, and encrypts the first initial ciphertext by using the second sub-key to obtain a second ciphertext. Namely, the first session information is doubly encrypted by using the first key, so that the encryption security is further improved.
For example: $K_{TGS}$ is the first key, $K_S$ is the third key and $A$ is the identifier of the first network device; $K_{TGS}$ is 640 bits long, $A$ is 128 bits long and $K_S$ is 256 bits long. $K_{TGS}$ is divided into a first sub-key $K^1_{TGS}$ and a second sub-key $K^2_{TGS}$, where $K^1_{TGS}$ is 384 bits long and $K^2_{TGS}$ is 256 bits long, so that the length of $K^1_{TGS}$ equals the data length of $K_S \| A$. First, $K_S \| A$ ($\|$ denotes concatenation) is encrypted with $K^1_{TGS}$ using the XOR encryption algorithm to obtain $K^1_{TGS} \oplus (K_S \| A)$; then $K^1_{TGS} \oplus (K_S \| A)$ is encrypted with $K^2_{TGS}$ using the AES encryption algorithm in CBC mode. Since the data length of $K^1_{TGS} \oplus (K_S \| A)$ is 384 bits, not a multiple of 256, a random number $r_2$ of 128 bits is appended, and encryption gives $K^2_{TGS}(K^1_{TGS} \oplus (K_S \| A) \| r_2)$, abbreviated $K_{TGS}(K_S, A)$.
The above example is only for better explaining the second possible implementation manner, and is not limited to the implementation manner in the above example, and other encryption algorithms may also be adopted, and the lengths of the first key, the third key, and the identifier of the first network device may be specifically set according to actual needs, which is not described in detail herein.
When the second possible implementation manner is adopted, when the TGS decrypts the second ciphertext according to the first key, the TGS also adopts a dual decryption manner to obtain a third key, as shown in fig. 4:
the TGS decrypting the second ciphertext with the first key to obtain a third key includes:
the TGS divides the first key according to the type of the encryption algorithm adopted by the AS to obtain a first sub-key and a second sub-key;
the TGS decrypts the second ciphertext by using the second sub-key to obtain a first initial ciphertext;
the TGS decrypts the first initial ciphertext with the first sub-key to obtain a third key.
The TGS divides the first key according to the type of the encryption algorithm adopted by the AS; the first sub-key it obtains is the same as the first sub-key obtained when the AS divides the first key, and the second sub-key it obtains is the same as the second sub-key obtained when the AS divides the first key. Therefore, the TGS decrypts the second ciphertext with the decryption algorithm corresponding to the encryption algorithm used by the AS: it decrypts the second ciphertext with the second sub-key to obtain the first initial ciphertext, and decrypts the first initial ciphertext with the first sub-key to obtain the third key. That is, the process by which the TGS decrypts the second ciphertext is the reverse of the process by which the AS generates it.
For example: $K_{TGS}$ is the first key, $K_S$ is the third key and $A$ is the identifier of the first network device; $K_{TGS}$ is 640 bits long, $A$ is 128 bits long and $K_S$ is 256 bits long. $K_{TGS}$ is divided into two keys $K^1_{TGS}$ and $K^2_{TGS}$, where $K^1_{TGS}$ is 384 bits long and $K^2_{TGS}$ is 256 bits long, so that the length of $K^1_{TGS}$ equals the data length of $K_S \| A$. First, $K^2_{TGS}(K^1_{TGS} \oplus (K_S \| A) \| r_2)$ is decrypted with $K^2_{TGS}$ using the AES decryption algorithm to obtain $K^1_{TGS} \oplus (K_S \| A)$; then $K^1_{TGS} \oplus (K_S \| A)$ is decrypted with $K^1_{TGS}$ using the XOR decryption method to obtain $K_S \| A$, and thus $K_S$.
Certainly, the above example is only for better explaining the process of doubly decrypting the second ciphertext by the TGS, and is not limited to the description of the above example, and when the method for obtaining the second ciphertext by the double encryption adopted by the AS is changed, the process of doubly decrypting the second ciphertext by the TGS is also changed adaptively, and details are not repeated here.
The third ciphertext is a ciphertext obtained by encrypting the second session information by using the fourth key by the TGS, and includes at least two possible implementation manners:
A first possible implementation:
The TGS directly encrypts the second session information with a fourth key to obtain a third ciphertext.
In a first possible implementation manner, the TGS directly encrypts the second session information to obtain a third ciphertext by using a fourth key and using a preset encryption algorithm.
For example: $K_B$ is the fourth key, $K_{AB}$ is the fifth key and $A$ is the identifier of the first network device; $K_B$ is 256 bits long, $A$ is 128 bits long and $K_{AB}$ is 256 bits long. $K_{AB} \| A$ ($\|$ denotes concatenation) is encrypted with the AES encryption algorithm in CBC mode; since the data length of $K_{AB} \| A$ is 384 bits, not a multiple of 256, a random number $r_3$ of 128 bits is appended, and encryption gives $K_B(K_{AB} \| A \| r_3)$, abbreviated $K_B(K_{AB}, A)$.
The above example is only for better explaining the first possible implementation manner, and is not limited to the implementation manner in the above example, and other encryption algorithms, the lengths of the fourth key, the fifth key, and the identifier of the first network device may also be specifically set according to actual needs, which are not described in detail herein.
In a second possible implementation manner, the TGS encrypts to obtain a third ciphertext by using a dual encryption manner:
the TGS divides the fourth key according to the type of the encryption algorithm to obtain a third sub-key and a fourth sub-key;
the TGS encrypts the second session information by using the third sub-key to obtain a second initial ciphertext;
the TGS encrypts the second initial ciphertext with the fourth sub-key to obtain a third ciphertext.
The TGS divides the fourth key into two sub-keys according to the type of the encryption algorithm to obtain a third sub-key and a fourth sub-key, encrypts the second session information with the third sub-key to obtain a second initial ciphertext, and encrypts the second initial ciphertext with the fourth sub-key to obtain a third ciphertext. That is, the fourth key is used to doubly encrypt the second session information, so that the encryption security is further improved.
For example: $K_B$ is the fourth key, $K_{AB}$ is the fifth key and $A$ is the identifier of the first network device; $K_B$ is 640 bits long, $A$ is 128 bits long and $K_{AB}$ is 256 bits long. $K_B$ is divided into a third sub-key $K^1_B$ and a fourth sub-key $K^2_B$, where $K^1_B$ is 384 bits long and $K^2_B$ is 256 bits long, so that the length of $K^1_B$ equals the data length of $K_{AB} \| A$. First, $K_{AB} \| A$ ($\|$ denotes concatenation) is encrypted with $K^1_B$ using the XOR encryption algorithm to obtain $K^1_B \oplus (K_{AB} \| A)$; then $K^1_B \oplus (K_{AB} \| A)$ is encrypted with $K^2_B$ using the AES encryption algorithm in CBC mode. Since the data length of $K^1_B \oplus (K_{AB} \| A)$ is 384 bits, not a multiple of 256, a random number $r_4$ of 128 bits is appended, and encryption gives $K^2_B(K^1_B \oplus (K_{AB} \| A) \| r_4)$, abbreviated $K_B(K_{AB}, A)$.
The above example is only for better explaining the second possible implementation manner, and is not limited to the implementation manner in the above example, and other encryption algorithms may also be adopted, and the lengths of the fourth key, the fifth key, and the identifier of the first network device may be specifically set according to actual needs, which is not described in detail herein.
When the second possible implementation manner is adopted, the second network device likewise obtains the fifth key by dual decryption when decrypting the third ciphertext with the fourth key:
the second network device decrypts the third ciphertext by using the fourth key to obtain a fifth key, which includes:
the second network device divides the fourth key according to the type of the encryption algorithm adopted by the TGS to obtain a third sub-key and a fourth sub-key;
the second network equipment decrypts the third ciphertext by using the fourth sub-key to obtain a second initial ciphertext;
the second network device decrypts the second initial ciphertext with the third sub-key to obtain a fifth key.
The second network device divides the fourth key according to the type of the encryption algorithm adopted by the TGS; the third sub-key it obtains is the same as the third sub-key obtained when the TGS divides the fourth key, and the fourth sub-key it obtains is the same as the fourth sub-key obtained when the TGS divides the fourth key. Therefore, the second network device decrypts the third ciphertext with the decryption algorithm corresponding to the encryption algorithm used by the TGS: it decrypts the third ciphertext with the fourth sub-key to obtain the second initial ciphertext, and decrypts the second initial ciphertext with the third sub-key to obtain the fifth key. That is, the process by which the second network device decrypts the third ciphertext is the reverse of the process by which the TGS generates it.
For example: $K_B$ is the fourth key, $K_{AB}$ is the fifth key and $A$ is the identifier of the first network device; $K_B$ is 640 bits long, $A$ is 128 bits long and $K_{AB}$ is 256 bits long. $K_B$ is divided into a third sub-key $K^1_B$ and a fourth sub-key $K^2_B$, where $K^1_B$ is 384 bits long and $K^2_B$ is 256 bits long, so that the length of $K^1_B$ equals the data length of $K_{AB} \| A$. First, $K^2_B(K^1_B \oplus (K_{AB} \| A) \| r_4)$ is decrypted with $K^2_B$ using the AES decryption algorithm to obtain $K^1_B \oplus (K_{AB} \| A)$; then $K^1_B \oplus (K_{AB} \| A)$ is decrypted with $K^1_B$ using the XOR decryption algorithm to obtain $K_{AB} \| A$, and thus $K_{AB}$.
Certainly, the above example is only for better explaining the process of the second network device performing the double decryption on the third ciphertext, and is not limited to the description of the above example, and when the method for obtaining the third ciphertext through the double encryption adopted by the TGS is changed, the process of the second network device performing the double decryption on the third ciphertext is also changed adaptively, and details are not repeated here.
The above description details how the second ciphertext and the third ciphertext are generated by dual encryption, and how they are decrypted by the corresponding dual decryption. In practical application, dual encryption may be used only for the second ciphertext, only for the third ciphertext, or for both at once, and the decryption method of the second ciphertext and the third ciphertext is adjusted to match the encryption method.
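Added example in Go, not the patent's own code: the second possible implementation of the second ciphertext (and, with the key names changed, the third ciphertext) with the page's sizes, i.e. a 640-bit shared key split into a 384-bit XOR sub-key and a 256-bit AES-256 sub-key, a 256-bit session key, a 128-bit identifier and a 128-bit random pad, together with the matching dual decryption. The random CBC IV prepended to each ciphertext is my assumption; the page does not say how the IV is chosen.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Lengths from the page's worked example, in bytes.
const (
	sessionKeyLen = 32                    // K_S or K_AB: 256 bits
	idLen         = 16                    // A: 128 bits
	sub1Len       = sessionKeyLen + idLen // K1: 384 bits, equal to |K_S || A|
	sub2Len       = 32                    // K2: 256 bits, an AES-256 key
	sharedKeyLen  = sub1Len + sub2Len     // K_TGS or K_B: 640 bits
	randLen       = 16                    // r: 128-bit random padding
)

// splitKey divides the shared key into the XOR sub-key K1 and the AES sub-key K2;
// both peers split at the same offset and so derive the same sub-keys.
func splitKey(shared []byte) (k1, k2 []byte, err error) {
	if len(shared) != sharedKeyLen {
		return nil, nil, fmt.Errorf("shared key must be %d bytes, got %d", sharedKeyLen, len(shared))
	}
	return shared[:sub1Len], shared[sub1Len:], nil
}

// xorBytes returns a XOR b; callers guarantee equal lengths.
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// dualEncrypt computes K2(K1 ^ (sessionKey || id) || r): XOR under K1 gives the initial
// ciphertext, a 128-bit random r pads it to a multiple of 256 bits as on the page, and
// AES-256-CBC under K2 yields the result. Assumption: a fresh random IV is prepended.
func dualEncrypt(shared, sessionKey, id []byte) ([]byte, error) {
	if len(sessionKey) != sessionKeyLen || len(id) != idLen {
		return nil, fmt.Errorf("session key or identifier has the wrong length")
	}
	k1, k2, err := splitKey(shared)
	if err != nil {
		return nil, err
	}
	r := make([]byte, randLen)
	rand.Read(r)
	data := append(append([]byte{}, sessionKey...), id...)
	plain := append(xorBytes(data, k1), r...)
	block, err := aes.NewCipher(k2)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(plain))
	rand.Read(out[:aes.BlockSize]) // IV
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], plain)
	return out, nil
}

// dualDecrypt reverses dualEncrypt: AES-CBC under K2, drop r, XOR with K1, split.
func dualDecrypt(shared, ciphertext []byte) (sessionKey, id []byte, err error) {
	k1, k2, err := splitKey(shared)
	if err != nil {
		return nil, nil, err
	}
	if len(ciphertext) != aes.BlockSize+sub1Len+randLen {
		return nil, nil, fmt.Errorf("ciphertext has the wrong length")
	}
	block, err := aes.NewCipher(k2)
	if err != nil {
		return nil, nil, err
	}
	plain := make([]byte, len(ciphertext)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, ciphertext[:aes.BlockSize]).CryptBlocks(plain, ciphertext[aes.BlockSize:])
	data := xorBytes(plain[:sub1Len], k1) // the random padding r is discarded
	return data[:sessionKeyLen], data[sessionKeyLen:], nil
}

func main() {
	// Constructed sample values, not keys from any real deployment.
	shared, sessionKey := make([]byte, sharedKeyLen), make([]byte, sessionKeyLen)
	rand.Read(shared)
	rand.Read(sessionKey)
	id := []byte("device-A-0000001") // exactly 16 bytes
	ct, err := dualEncrypt(shared, sessionKey, id)
	if err != nil {
		panic(err)
	}
	gotKey, gotID, err := dualDecrypt(shared, ct)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext %d bytes; session key recovered: %v; identifier recovered: %v\n",
		len(ct), bytes.Equal(gotKey, sessionKey), bytes.Equal(gotID, id))
}
```

Neither layer authenticates the ciphertext; the page relies on the one-time sub-keys, and a practitioner would add a MAC or an AEAD mode before deploying this construction.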
Detailed description of the first set of keys, the second set of keys and the third set of keys
The first key set includes a plurality of shared keys of the AS and the TGS, and the shared keys may be specifically set by a technician according to actual needs, or may be generated in a certain manner according to actual needs.
In one example, presetting the first set of keys includes:
quantum key data generated by quantum key distribution between the QKD terminal of the AS and the QKD terminal of the TGS is obtained;
the quantum key data is divided according to a preset length to obtain a plurality of shared keys of the AS and the TGS;
a key identifier is set for each shared key of the AS and the TGS;
a correspondence between each shared key of the AS and the TGS and its key identifier is established to obtain the first key set.
The method for presetting the first key set is applicable to the AS and also to the TGS. The AS and the TGS negotiate the preset length in advance, and negotiate the method of setting the key identifier of each shared key of the AS and the TGS, so that the first key set preset by the AS is completely the same as the first key set preset by the TGS. When the AS and the TGS are the same physical entity, they may share the same first key set, and the shared keys that the AS and the TGS each obtain from the shared first key set with the same key identifier are necessarily the same. When the AS and the TGS are different physical entities, each possesses its own first key set, and the shared keys that the AS and the TGS obtain from their respective first key sets with the same key identifier are the same.
When the AS and the TGS negotiate the preset length in advance, the preset length selected is related to the type of encryption algorithm adopted by the AS. For example, the encryption algorithms used in the embodiment of the present invention include symmetric encryption algorithms, the exclusive-or encryption algorithm, and so on. When an Advanced Encryption Standard (AES) algorithm among the symmetric encryption algorithms is used, the AES encryption algorithm includes 128-bit, 192-bit and 256-bit variants; if the 256-bit AES encryption algorithm is used, the preset length is 256 bits. The preset length for other types of encryption algorithm is set in a similar manner and is not described in detail.
If each shared key in the first key set can be used only once, then when all shared keys of the AS and the TGS in the first key set have been used, the QKD terminal of the AS and the QKD terminal of the TGS perform quantum key distribution to generate new quantum key data, and the AS and the TGS update the shared keys in the first key set according to the new quantum key data.
The second key set includes a plurality of shared keys of the TGS and the second network device, and the plurality of shared keys may be specifically set by a technician according to actual needs, or may be generated in a certain manner according to actual needs.
In one example, presetting the second set of keys includes:
quantum key data generated by quantum key distribution between the QKD terminal of the TGS and the QKD terminal of the second network device is obtained;
the quantum key data is divided according to a preset length to obtain a plurality of shared keys of the TGS and the second network device;
a key identifier is set for each shared key of the TGS and the second network device;
a correspondence between each shared key of the TGS and the second network device and its key identifier is established to obtain the second key set.
The above method of presetting the second key set is applicable to the TGS, and is also applicable to the second network device. The TGS and the second network equipment negotiate a preset length in advance, and negotiate a setting method of a key identifier of a shared key of each TGS and the second network equipment, so that a second key set preset by the TGS is completely the same as a second key set preset by the second network equipment. In general, the TGS and the second network device are different physical entities, the TGS and the second network device respectively possess a second key set, and the shared keys obtained by the TGS and the second network device from the second key sets respectively owned by the TGS and the second network device respectively using the same key identifier are the same.
Wherein, when the TGS and the second network device negotiate the preset length in advance, the selected preset length is related to a type of encryption algorithm employed by the TGS. The specific selection method is consistent with the method for selecting the preset length when generating the first key set, and details are not repeated here.
If each shared key in the second key set can be used only once, then when all shared keys of the TGS and the second network device in the second key set have been used, the QKD terminal of the TGS and the QKD terminal of the second network device perform quantum key distribution to generate new quantum key data, and the TGS and the second network device update the shared keys in the second key set according to the new quantum key data.
The third key set includes a plurality of shared keys of the first network device and the AS, and the plurality of shared keys may be specifically set by a technician according to actual needs, or may be generated in a certain manner according to actual needs.
In one example, presetting the third set of keys includes:
quantum key data generated by quantum key distribution between the QKD terminal of the first network device and the QKD terminal of the AS is obtained;
the quantum key data is divided according to a preset length to obtain a plurality of shared keys of the first network device and the AS;
a key identifier is set for each shared key of the first network device and the AS;
a correspondence between each shared key of the first network device and the AS and its key identifier is established to obtain the third key set.
The method for presetting the third key set is applicable to the first network device and also to the AS. The first network device and the AS negotiate the preset length in advance, and negotiate the method of setting the key identifier of each shared key of the first network device and the AS, so as to ensure that the third key set preset by the first network device is completely the same as the third key set preset by the AS. Generally, the first network device and the AS are different physical entities, each possesses its own third key set, and the shared keys that the first network device and the AS obtain from their respective third key sets with the same key identifier are the same.
Wherein, when the first network device and the AS negotiate a preset length in advance, the selected preset length is related to the type of encryption algorithm employed by the AS. The specific selection method is consistent with the method for selecting the preset length when generating the first key set, and details are not repeated here.
If each shared key in the third key set can be used only once, then when all shared keys of the first network device and the AS in the third key set have been used, the QKD terminal of the first network device and the QKD terminal of the AS perform quantum key distribution to generate new quantum key data, and the first network device and the AS update the shared keys in the third key set according to the new quantum key data.
It should be noted that, in the first key set, the second key set and the third key set, the key identifier may take several forms: a number assigned to the shared keys in a certain order, a pointer to the storage area holding the shared key, or an identifier generated for the shared key according to a certain rule. A technician may choose the form according to actual needs, and it is not specifically limited here.
The first key set, the second key set and the third key set obtained by the above method are all portions of quantum key data. Because quantum key data generated by quantum key distribution is used, their security rests on physical properties such as the uncertainty principle, the quantum no-cloning theorem and quantum coherence, and has been proved to be unconditionally secure.
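Added example in Go, not the patent's own code: the key-set table built by the procedure above, which serves the first, second and third key sets alike, together with the receive-side check that stops processing when the key named by an identifier is already used (steps 211, 502 and 505). Sequential numbering, discarding a trailing fragment, and marking the sender's copy at selection time are my choices; the page leaves the identifier format and the exact marking point to the implementer.

```go
package main

import (
	"errors"
	"fmt"
)

// Outcomes a peer distinguishes; ErrKeyUsed is the replay case the page guards against.
var (
	ErrUnknownID = errors.New("key identifier not in key set")
	ErrKeyUsed   = errors.New("shared key already used: possible replay")
	ErrExhausted = errors.New("key set exhausted: run quantum key distribution to refill")
)

type keyEntry struct {
	key  []byte
	used bool
}

// KeySet is one peer's copy of a key set: keys cut from QKD key data at a preset length, each
// mapped to a sequential identifier and usable once; both peers build it from identical key data.
type KeySet struct {
	keyLen  int
	entries map[uint32]*keyEntry
	nextID  uint32 // identifier the next refilled key receives
	cursor  uint32 // every identifier below cursor has already been taken
}

// NewKeySet divides keyData into keys of presetLen bytes and numbers them from 0.
func NewKeySet(keyData []byte, presetLen int) (*KeySet, error) {
	if presetLen <= 0 {
		return nil, errors.New("preset length must be positive")
	}
	ks := &KeySet{keyLen: presetLen, entries: make(map[uint32]*keyEntry)}
	if err := ks.Refill(keyData); err != nil {
		return nil, err
	}
	return ks, nil
}

// Refill appends keys from newly distributed key data; identifiers keep increasing across refills
// so one identifier never names two keys, and a trailing fragment shorter than a key is discarded.
func (ks *KeySet) Refill(keyData []byte) error {
	if len(keyData) < ks.keyLen {
		return errors.New("key data shorter than the preset length")
	}
	for off := 0; off+ks.keyLen <= len(keyData); off += ks.keyLen {
		ks.entries[ks.nextID] = &keyEntry{key: append([]byte(nil), keyData[off:off+ks.keyLen]...)}
		ks.nextID++
	}
	return nil
}

// Take is the sending side (TGS in 208, AS in 502): lowest-numbered unused key plus identifier.
// The page marks the sender's copy on the peer's acknowledgement; marking at selection is stricter.
func (ks *KeySet) Take() (uint32, []byte, error) {
	for ks.cursor < ks.nextID {
		id := ks.cursor
		ks.cursor++
		if e := ks.entries[id]; !e.used {
			e.used = true
			return id, append([]byte(nil), e.key...), nil
		}
	}
	return 0, nil, ErrExhausted
}

// Lookup is the receiving side (211, 502, 505): the identifier must exist and its key must
// still be unused, otherwise processing stops before any decryption is attempted.
func (ks *KeySet) Lookup(id uint32) ([]byte, error) {
	e, ok := ks.entries[id]
	if !ok {
		return nil, ErrUnknownID
	}
	if e.used {
		return nil, ErrKeyUsed
	}
	return append([]byte(nil), e.key...), nil
}

// MarkUsed follows a successful decryption (402, 505) or the peer's acknowledgement.
func (ks *KeySet) MarkUsed(id uint32) {
	if e, ok := ks.entries[id]; ok {
		e.used = true
	}
}

func main() {
	keyData := make([]byte, 96) // constructed stand-in for QKD key data: three 256-bit keys
	for i := range keyData {
		keyData[i] = byte(i)
	}
	sender, _ := NewKeySet(keyData, 32)
	receiver, _ := NewKeySet(keyData, 32)
	id, key, _ := sender.Take()
	peerKey, err := receiver.Lookup(id)
	fmt.Printf("id %d: keys match=%v err=%v\n", id, string(key) == string(peerKey), err)
	receiver.MarkUsed(id)
	_, err = receiver.Lookup(id) // the same identifier presented again is rejected
	fmt.Println("replay:", err)
}
```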
Description of identity authentication of AS and second network equipment by first network equipment
The following describes in detail the method by which the first network device authenticates the AS and the second network device, and describes an encryption method that adds a random number, so as to avoid replay attacks more effectively and further improve security.
Fig. 5 is a timing chart of another example of the encryption method according to the embodiment of the present invention, which includes:
501: the first network device sends the identifier of the first network device, a third identifier and a first random number to the AS, wherein the third identifier is used for identifying an unused second key in a third key set, and the third key set comprises a shared key of the first network device and the AS.
$A$ denotes the identifier of the first network device, $CTR_A$ denotes the third identifier, and $R_{A1}$ denotes the first random number.
502: the AS acquires a second key from the third key set according to the third identifier, checks whether the second key is used or not, and stops the processing process if the second key is used; if not, acquiring an unused first key and a first identifier for identifying the first key from the first key set, and generating a third key, wherein the first key set comprises a plurality of shared keys of the AS and the TGS, and the third key is a session key of the first network device and the TGS.
The AS generates a random number as the third key $K_S$, which is the session key of the first network device and the TGS, i.e. the third key $K_S$ is generated by the AS. The AS obtains the second key $K_A$ from the third key set according to the third identifier $CTR_A$, and obtains a first key $K_{TGS}$ and a first identifier $CTR_{TGS}$ from the first key set.
503: the AS encrypts the identifier of the first network device and the third key by using the first key to generate a second ciphertext, and encrypts the third key, the first random number and the second ciphertext by using the second key to obtain the first ciphertext.
The first key K_TGS is used to encrypt the identifier A of the first network device and the third key K_S, obtaining the second ciphertext K_TGS(K_S, A); the second key K_A is then used to encrypt the third key K_S, the first random number R_A1 and the second ciphertext K_TGS(K_S, A), obtaining the first ciphertext K_A(K_S, R_A1, K_TGS(K_S, A)).
When the first key K_TGS is used to encrypt the identifier A of the first network device and the third key K_S to obtain the second ciphertext K_TGS(K_S, A), the double encryption described above may also be adopted, which is not described herein again.
It will be appreciated that the first random number R_A1 sent by the first network device is added to the generated first ciphertext. Since the first random number R_A1 sent by the first network device differs each time, the generated first ciphertext K_A(K_S, R_A1, K_TGS(K_S, A)) also differs each time, so that replay attacks can be better avoided.
504: and the AS sends the first ciphertext and the first identifier to the first network equipment.
The AS sends the first ciphertext K_A(K_S, R_A1, K_TGS(K_S, A)) and the first identifier CTR_TGS to the first network device.
505: the first network device acquires the second key from the third key set according to the third identifier, decrypts the first ciphertext by using the second key to acquire the third key, a second random number and the second ciphertext, and judges whether the second random number is equal to the first random number; if so, the first network device authenticates the AS and sets the second key as used.
506: the first network device sends a decryption success to the AS.
The first network device obtains the second key K_A from the third key set according to the third identifier CTR_A, and decrypts the first ciphertext K_A(K_S, R'_A1, K_TGS(K_S, A)) with the second key K_A to obtain the third key K_S, the second random number R'_A1 and the second ciphertext K_TGS(K_S, A). The first network device judges whether the second random number R'_A1 is equal to the first random number R_A1; if so, the first network device authenticates the AS as legal, sets the second key K_A as used, and sends decryption success to the AS.
507: the AS sets the second key in the third set of keys to used.
The AS sets the second key K_A in the third key set as used, so that the second key K_A is not available when encryption is performed next time.
508: and the first network equipment sends the second ciphertext, the first identifier, the identifier of the first network equipment and the identifier of the second network equipment to the TGS.
B denotes the identifier of the second network device. The first network device sends the second ciphertext K_TGS(K_S, A), the first identifier CTR_TGS, the identifier A of the first network device and the identifier B of the second network device to the TGS.
509: the TGS obtains a first key from the first key set according to the first identifier, checks whether the first key is used or not, and stops the processing process if the first key is used; if not, the second ciphertext is decrypted by using the first key to obtain the identifier of the first decrypted network device and a third key, whether the identifier of the first decrypted network device is the same as the identifier of the first network device or not is compared, if so, the first network device is authenticated to be legal, and the first key is set to be used.
510: the TGS sends decryption success to the AS.
The TGS decrypts the second ciphertext K_TGS(K_S, A') with the first key K_TGS to obtain the identifier A' of the first decrypted network device and the third key K_S. The TGS compares the identifier A' of the first decrypted network device with the identifier A of the first network device; if they are the same, it authenticates the first network device as legal, sets the first key K_TGS as used, and sends decryption success to the AS.
511: the AS sets a first key in the first set of keys AS used.
The AS sets the first key K_TGS in the first key set as used, so that the first key K_TGS is not available when encryption is performed next time.
512: and the TGS acquires a fourth key and a second identifier from the second key set, generates a fifth key, encrypts the fifth key and the identifier of the first network equipment by using the fourth key to acquire a third ciphertext, and encrypts the fifth key and the identifier of the second network equipment by using the third key to acquire the fourth ciphertext.
The TGS obtains a fourth key K_B and a second identifier CTR_B from the second key set and generates a fifth key K_AB. The fifth key K_AB and the identifier A of the first network device are encrypted with the fourth key K_B to obtain the third ciphertext K_B(K_AB, A); the identifier A of the first network device in the third ciphertext informs the second network device that the peer of the session being established is the first network device, and the fifth key K_AB is the session key of the first network device and the second network device. The fifth key K_AB and the identifier B of the second network device are encrypted with the third key K_S to obtain the fourth ciphertext K_S(K_AB, B); the fourth ciphertext informs the first network device that the session key with the second network device is the fifth key K_AB.
When the TGS encrypts the fifth key K_AB and the identifier A of the first network device with the fourth key K_B to obtain the third ciphertext K_B(K_AB, A), the double encryption described above can also be adopted, and the description is omitted here.
513: and the TGS sends the third ciphertext, the fourth ciphertext and the second identifier to the first network device.
The TGS sends the third ciphertext K_B(K_AB, A), the fourth ciphertext K_S(K_AB, B) and the second identifier CTR_B to the first network device.
514: the first network equipment decrypts the fourth ciphertext by using the third key to obtain an identifier of the second decrypted network equipment and a fifth key, compares whether the identifier of the second decrypted network equipment is the same as the identifier of the second network equipment, determines that the fifth key is a session key of the second network equipment if the identifier of the second decrypted network equipment is the same as the identifier of the second network equipment, and generates a third random number; if not, the process is stopped.
The first network device decrypts the fourth ciphertext K_S(K_AB, B') with the third key K_S to obtain the identifier B' of the second decrypted network device and the fifth key K_AB, and compares whether the identifier B' of the second decrypted network device is the same as the identifier B of the second network device; if so, it determines that the fifth key K_AB is the session key with the second network device and generates a third random number R_A2.
515: and the first network equipment sends the third ciphertext, the second identifier, the identifier of the first network equipment and the third random number to the second network equipment.
The first network device sends the third ciphertext K_B(K_AB, A), the second identifier CTR_B, the identifier A of the first network device and the third random number R_A2 to the second network device.
516: the second network equipment obtains a fourth key from the second key set according to the second identifier, checks whether the fourth key is used or not, and stops the processing process if the fourth key is used; if not, the third cipher text is decrypted by using the fourth key to obtain the identifier of the third decrypted network equipment and the fifth key, whether the identifier of the third decrypted network equipment is the same as the identifier of the first network equipment or not is compared, if so, the first network equipment is authenticated to be legal, and the fourth key is set to be used.
517: the second network device sends a decryption success to the TGS.
The second network device decrypts the third ciphertext K_B(K_AB, A') with the fourth key K_B to obtain the identifier A' of the third decrypted network device and the fifth key K_AB. The second network device compares the identifier A' of the third decrypted network device with the identifier A of the first network device; if they are the same, the second network device authenticates the first network device as legal, sets the fourth key K_B as used, and sends decryption success to the TGS.
518: the TGS sets a fourth key in the second set of keys to used.
The TGS sets the fourth key K_B in the second key set as used, so that the fourth key K_B is not available when encryption is performed next time.
519: and the second network equipment generates a fourth random number, and performs hash operation on the third random number, the fourth random number and the fifth key to obtain a first hash value.
520: the second network device sends the first hash value and the fourth random number to the first network device.
The second network device generates a fourth random number R_B, performs a hash operation on the third random number R_A2, the fourth random number R_B and the fifth key K_AB to obtain the first hash value HMAC(R_A2, R_B; K_AB), and sends the first hash value HMAC(R_A2, R_B; K_AB) and the fourth random number R_B to the first network device.
521: and the first network equipment performs hash operation according to the fourth random number, the third random number and the fifth key to obtain a second hash value, judges whether the second hash value is the same as the first hash value or not, and if so, authenticates the second network equipment to be legal.
The first network device performs a hash operation on the fourth random number R_B, the third random number R_A2 and the fifth key K_AB to obtain a second hash value, judges whether the second hash value is the same as the first hash value, and if so, authenticates the second network device as legal.
In the prior art, a timestamp mechanism is used for the first network device to authenticate that the second network device is legal, which consumes additional system resources. In the present invention, a fourth random number R_B is added and combined with a hash operation, so that the first network device authenticates the legality of the second network device without a timestamp mechanism, which saves system resources.
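The exchange of steps 501 to 521 above, as an added simulation that is not code from the patent: each key set is cut from key data into fixed-length shared keys addressed by an identifier and marked used after one run, the first random number R_A1 is echoed back for the check at step 505, the identifiers carried in the ciphertexts are compared at steps 509, 514 and 516, and the final mutual check at steps 519 to 521 is an HMAC over R_A2 and R_B keyed with K_AB. Assumptions of this example: key data is cut into 32-byte keys whose position is the identifier, the identical copy of a key set held by both parties is represented by one dictionary, and the patent's unspecified symmetric algorithm is replaced by a labelled toy keystream cipher built from HMAC-SHA256 (not suitable for production).

```python
# Added example, not the patent's code: simulation of the Fig. 5 exchange.
# Assumed: 32-byte keys cut from key data, position used as identifier (CTR),
# and a toy HMAC-SHA256 keystream cipher standing in for the unspecified cipher.
import hashlib
import hmac
import os
import secrets

KEY_LEN = 32  # assumed preset length used to cut key data into shared keys


def build_key_set(key_data: bytes, key_len: int = KEY_LEN) -> dict:
    """Cut key data (QKD output in the patent, constructed bytes here) into
    shared keys: identifier CTR -> {"key", "used"}."""
    count = len(key_data) // key_len
    return {ctr: {"key": key_data[ctr * key_len:(ctr + 1) * key_len],
                  "used": False} for ctr in range(count)}


def take_unused(key_set: dict):
    """Pick the first unused key and its identifier; refuse an exhausted set."""
    for ctr, entry in key_set.items():
        if not entry["used"]:
            return ctr, entry["key"]
    raise ValueError("key set exhausted")


def lookup(key_set: dict, ctr) -> bytes:
    """Fetch a key by identifier, refusing unknown or already-used identifiers
    (the 'check whether the key is used' step of 502, 509 and 516)."""
    entry = key_set.get(ctr)
    if entry is None or entry["used"]:
        raise ValueError("identifier %r unknown or already used" % (ctr,))
    return entry["key"]


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks, i = [], 0
    while len(blocks) * 32 < n:
        blocks.append(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest())
        i += 1
    return b"".join(blocks)[:n]


def encrypt(key: bytes, fields: list) -> bytes:
    """Toy stand-in cipher: length-prefixed fields XORed with a keystream."""
    plain = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    nonce = os.urandom(16)
    return nonce + bytes(p ^ k for p, k in zip(plain, _keystream(key, nonce, len(plain))))


def decrypt(key: bytes, ct: bytes) -> list:
    """Inverse of encrypt: recover the list of fields."""
    nonce, body = ct[:16], ct[16:]
    plain = bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))
    fields, i = [], 0
    while i < len(plain):
        ln = int.from_bytes(plain[i:i + 2], "big")
        fields.append(plain[i + 2:i + 2 + ln])
        i += 2 + ln
    return fields


def run_exchange(keys_a_as, keys_as_tgs, keys_tgs_b, a=b"A", b=b"B"):
    """One run of Fig. 5. Each dict stands for the identical key-set copy held
    by both parties, so a key is marked used once per set. Returns the session
    key derived at each end and whether every check passed."""
    ctr_a, _ = take_unused(keys_a_as)                  # 501: A -> AS: A, CTR_A, R_A1
    r_a1 = secrets.token_bytes(16)
    k_a = lookup(keys_a_as, ctr_a)                     # 502: AS fetches K_A, K_TGS, makes K_S
    ctr_tgs, k_tgs = take_unused(keys_as_tgs)
    k_s = secrets.token_bytes(KEY_LEN)
    ct2 = encrypt(k_tgs, [k_s, a])                     # 503: K_TGS(K_S, A)
    ct1 = encrypt(k_a, [k_s, r_a1, ct2])               #      K_A(K_S, R_A1, K_TGS(K_S, A))
    k_s_a, r_a1_echo, ct2_a = decrypt(lookup(keys_a_as, ctr_a), ct1)   # 505 at A
    if not hmac.compare_digest(r_a1_echo, r_a1):
        raise ValueError("AS not authenticated: random number mismatch")
    keys_a_as[ctr_a]["used"] = True                    # 505/507: K_A marked used
    k_s_tgs, a_dec = decrypt(lookup(keys_as_tgs, ctr_tgs), ct2_a)      # 508/509 at TGS
    if a_dec != a:
        raise ValueError("TGS could not authenticate the first network device")
    keys_as_tgs[ctr_tgs]["used"] = True                # 509/511: K_TGS marked used
    ctr_b, k_b = take_unused(keys_tgs_b)               # 512: K_B, CTR_B and new K_AB
    k_ab = secrets.token_bytes(KEY_LEN)
    ct3 = encrypt(k_b, [k_ab, a])                      #      K_B(K_AB, A)
    ct4 = encrypt(k_s_tgs, [k_ab, b])                  #      K_S(K_AB, B)
    k_ab_a, b_dec = decrypt(k_s_a, ct4)                # 514 at A
    if b_dec != b:
        raise ValueError("fourth ciphertext names the wrong peer")
    r_a2 = secrets.token_bytes(16)                     # 515: A -> B: ct3, CTR_B, A, R_A2
    k_ab_b, a_dec2 = decrypt(lookup(keys_tgs_b, ctr_b), ct3)           # 516 at B
    if a_dec2 != a:
        raise ValueError("second network device could not authenticate A")
    keys_tgs_b[ctr_b]["used"] = True                   # 516/518: K_B marked used
    r_b = secrets.token_bytes(16)                      # 519/520: HMAC(R_A2, R_B; K_AB)
    h1 = hmac.new(k_ab_b, r_a2 + r_b, hashlib.sha256).digest()
    h2 = hmac.new(k_ab_a, r_a2 + r_b, hashlib.sha256).digest()         # 521 at A
    return {"k_ab_a": k_ab_a, "k_ab_b": k_ab_b,
            "authenticated": hmac.compare_digest(h1, h2)}


if __name__ == "__main__":
    sets = [build_key_set(bytes(range(s, s + 64))) for s in (0, 64, 128)]
    print(run_exchange(*sets)["authenticated"])  # a second run consumes CTR 1
```

Running the exchange twice on 64-byte key sets consumes identifier 0 and then identifier 1 of each set; a third run fails at take_unused, and any later lookup of a used identifier is refused, which is the behaviour steps 502, 509 and 516 rely on to stop a replayed message.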
Fig. 6 is a schematic structural diagram of a first network device according to an embodiment of the present invention, which includes:
a first receiving unit 601, configured to receive a first ciphertext and a first identifier sent by an AS, where the first identifier is used to identify a first key in a first key set, and the first key set includes a plurality of shared keys of the AS and a TGS.
An obtaining unit 602, configured to obtain a second key, where the second key is a shared key of the first network device and the AS.
A decrypting unit 603, configured to decrypt the first ciphertext according to the second key to obtain a second ciphertext, where the second ciphertext is a ciphertext obtained by encrypting, by the first key, first session information, where the first session information includes a third key, and the third key is a session key between the first network device and the TGS.
A first sending unit 604, configured to send the second ciphertext and the first identifier to the TGS, so that the TGS obtains the first key according to the first identifier, and decrypts the second ciphertext to obtain the third key.
A second receiving unit 605, configured to receive a third ciphertext and a second identifier sent by the TGS, where the second identifier is used to identify a fourth key in a second key set, the second key set includes shared keys of a plurality of TGS and a second network device, the third ciphertext is a ciphertext obtained by encrypting second session information by the fourth key, the second session information includes a fifth key, and the fifth key is a session key of the first network device and the second network device.
A second sending unit 606, configured to send the third ciphertext and the second identifier to the second network device, so that the second network device obtains the fourth key according to the second identifier, and decrypts the third ciphertext to obtain the fifth key.
In one example of the above-mentioned method,
the second ciphertext is a ciphertext obtained by doubly encrypting the first session information by a first sub-key and a second sub-key, and the first sub-key and the second sub-key are two sub-keys obtained by dividing the first key according to the type of an encryption algorithm;
and/or,
the third ciphertext is a ciphertext obtained by doubly encrypting the second session information by using a third subkey and a fourth subkey, and the third subkey and the fourth subkey are two subkeys obtained by dividing the fourth key according to the type of an encryption algorithm.
In one example of the above-mentioned method,
the first identifier is used for identifying an unused first key in the first key set;
and/or,
the second identifier is used to identify an unused fourth key in the second set of keys.
In one example of the above-mentioned method,
the first sending unit 604 is specifically configured to send the second ciphertext, the first identifier and the identifier of the first network device to the TGS, where the identifier of the first network device is used for performing identity authentication on the first network device by the TGS, and when the identity authentication on the first network device by the TGS passes, the second receiving unit 605 is executed to receive the third ciphertext and the second identifier sent by the TGS.
In one example of the above-described method,
the second sending unit 606 is specifically configured to send the third ciphertext, the second identifier, and the identifier of the first network device to the second network device, where the identifier of the first network device is used for the second network device to perform identity authentication on the first network device.
In one example, the first network device further comprises:
a third sending unit, configured to send the first random number to the AS;
the decryption unit 603 includes:
the decryption subunit is used for decrypting the first ciphertext according to the second key to obtain a second ciphertext and a second random number;
and the first authentication subunit is used for judging whether the first random number is consistent with the second random number or not, and if so, authenticating the AS to be legal.
In one example of the above-mentioned method,
the second sending unit 606 is specifically configured to send the third ciphertext, the second identifier, and a third random number to the second network device;
the first network device further comprises:
the authentication unit is used for receiving the identity authentication information sent by the second network equipment and authenticating the validity of the second network equipment according to the fifth key and the identity authentication information;
the authentication unit includes:
a receiving subunit, configured to receive a first hash value and a fourth random number sent by the second network device, where the first hash value is obtained by performing hash operation on the third random number, the fifth key, and the fourth random number;
And the second authentication subunit is configured to calculate a second hash value according to the fourth random number, determine whether the first hash value is consistent with the second hash value, and authenticate the second network device as being legal if the first hash value is consistent with the second hash value.
In one example, the first network device further comprises:
a fourth sending unit, configured to send a third identifier to the AS, where the third identifier is used to identify a second key in a third key set, and the third key set includes shared keys of the plurality of first network devices and the AS;
the obtaining unit 602 is specifically configured to obtain the second key from a third key set according to the third identifier.
In an example, the first receiving unit 601 is specifically configured to receive a third identifier sent by the AS;
the obtaining unit 602 is specifically configured to obtain the second key according to the third identifier.
In one example, the third identifier is used to identify an unused second key in the third set of keys, and the first network device further includes:
and the setting unit is used for setting the second key in the third key set to be used after the first network equipment decrypts the first ciphertext according to the second key to obtain a second ciphertext.
The first network device shown in fig. 6 is a first network device corresponding to the method shown in fig. 2 and fig. 5, the specific implementation manner is similar to the method shown in fig. 2 and fig. 5, and reference is made to the description of the method in fig. 2 and fig. 5, which is not repeated here.
Fig. 7 is a schematic structural diagram of an AS server according to an embodiment of the present invention, including:
an obtaining unit 701, configured to obtain a first key and a first identifier from a first key set, obtain a second key, and generate a third key, where the first identifier is used to identify the first key, the second key is a shared key of a first network device and the AS, the third key is a session key of the first network device and a TGS, and the first key set includes a plurality of shared keys of the AS and the TGS.
A first encryption unit 702, configured to encrypt first information with the first key to obtain a second ciphertext, where the first information includes the third key.
A second encrypting unit 703 is configured to encrypt second information with the second key to obtain a first ciphertext, where the second information includes the second ciphertext.
A sending unit 704, configured to send the first ciphertext and the first identifier to the first network device.
In one example, the first encryption unit 702 includes:
a dividing subunit, configured to divide the first key according to the type of the encryption algorithm, to obtain a first sub-key and a second sub-key;
the first encryption subunit is used for encrypting the first information by using the first subkey to obtain an initial ciphertext;
and the second encryption subunit is configured to encrypt the initial ciphertext by using the second subkey to obtain the second ciphertext.
In one example of the above-mentioned method,
the obtaining unit 701 is specifically configured to obtain an unused first key from the first key set.
In one example, the second encryption unit 703 includes:
a first receiving subunit, configured to receive a random number from the first network device;
and the third encryption subunit is configured to encrypt the second ciphertext, the third key, and the random number by using the second key to obtain the first ciphertext.
In an example, the obtaining unit 701 includes:
a second receiving subunit, configured to receive a second identifier from the first network device;
and the obtaining subunit is configured to obtain, according to the second identifier, a second key identified by the second identifier from a second key set, where the second key set includes shared keys of the multiple first network devices and the AS.
In an example, the obtaining unit 701 is specifically configured to obtain a second key from a second key set, and obtain a second identifier, where the second identifier is used to identify the second key in the second key set;
the sending unit 704 is specifically configured to send the first ciphertext, the first identifier, and the second identifier to the first network device.
In one example, the second key is an unused key in the second set of keys, and the AS server further includes:
an identifying unit, configured to identify the second key in the second key set as used.
The AS server shown in fig. 7 is an AS server corresponding to the method shown in fig. 2 and 5, and the specific implementation manner is similar to the method shown in fig. 2 and 5, and reference is made to the description of the method in fig. 2 and 5, which is not described again here.
Fig. 8 is a schematic structural diagram of a TGS server according to an embodiment of the present invention, including:
a receiving unit 801, configured to receive a first ciphertext and a first identifier sent by a first network device.
A first obtaining unit 802, configured to obtain a first key from a first key set according to the first identifier, where the first key set includes shared keys of multiple ASs and the TGS.
A decryption unit 803, configured to decrypt the first ciphertext with the first key to obtain a second key, where the second key is a session key of the first network device and the TGS.
A second obtaining unit 804, configured to obtain a third key and a second identifier from a second key set, where the second key set includes shared keys of the TGSs and a second network device, and the second identifier is used to identify the third key.
A generating unit 805 configured to generate a fourth key, where the fourth key is a session key of the first network device and the second network device.
An encrypting unit 806, configured to encrypt the first session information with the second key to generate a second ciphertext, and encrypt the second session information with the third key to generate a third ciphertext, where the first session information includes the fourth key, and the second session information includes the fourth key.
A sending unit 807, configured to send the second ciphertext, the third ciphertext, and the second identifier to the first network device.
In one example, the decryption unit 803 includes:
the first dividing unit is used for dividing the first key according to the type of the encryption algorithm adopted by the AS to obtain a first sub-key and a second sub-key;
The first decryption subunit is configured to decrypt the first ciphertext by using the second subkey to obtain a first initial ciphertext;
and the second decryption subunit is used for decrypting the first initial ciphertext by using the first subkey to obtain the second key.
In one example, the encryption unit 806 includes:
the second dividing subunit is used for dividing the third secret key according to the type of the encryption algorithm to obtain a third sub-secret key and a fourth sub-secret key;
the first encryption subunit is configured to encrypt the second session information by using the third sub-key to obtain a second initial ciphertext;
and the second encryption subunit is configured to encrypt the second initial ciphertext by using the fourth subkey to obtain the third ciphertext.
In one example, the first identifier is used to identify an unused first key in a first set of keys, the TGS server further comprises:
a first setting unit configured to set the first key in the first key set as used;
and/or,
the second obtaining unit 804 is specifically configured to obtain an unused third key from the second key set.
In one example, the receiving unit 801 includes:
The receiving subunit is configured to receive a first ciphertext, a first identifier, and an identifier of the first network device, where the first ciphertext, the first identifier, and the identifier are sent by the first network device;
the decryption subunit is configured to decrypt the first ciphertext by using the first key to obtain a decrypted device identifier;
and the identification subunit is used for identifying whether the identifier of the first network device is the same as the identifier of the decrypted device, and if so, passing the identity authentication of the first network device.
The TGS server shown in fig. 8 is a TGS server corresponding to the method shown in fig. 2 and 5, and the specific implementation manner is similar to the method shown in fig. 2 and 5, and reference is made to the description of the method in fig. 2 and 5, which is not described again here.
Fig. 9 is a schematic structural diagram of a second network device according to an embodiment of the present invention, where the second network device includes:
a receiving unit 901, configured to receive the ciphertext and the key identifier sent by the first network device.
An obtaining unit 902, configured to obtain a first key from a key set according to the key identifier, where the key set includes shared keys of a plurality of second network devices and a TGS.
A decryption unit 903, configured to decrypt the ciphertext according to the first key to obtain a second key, where the second key is a session key of the first network device and the second network device.
In one example, the decryption unit 903 includes:
the dividing subunit is used for dividing the first secret key according to the type of the encryption algorithm adopted by the TGS to obtain a first sub-secret key and a second sub-secret key;
the first decryption subunit is used for decrypting the ciphertext by using the first sub-key to obtain an initial ciphertext;
and the second decryption subunit is used for decrypting the initial ciphertext by using the second subkey to obtain the second key.
In one example, the receiving unit 901 includes:
the first receiving subunit is configured to receive a ciphertext, a key identifier, and an identifier of the first network device, where the ciphertext, the key identifier, and the identifier are sent by the first network device;
the third decryption subunit is used for decrypting the ciphertext according to the first key to obtain a decrypted device identifier;
and the identification subunit is used for identifying whether the identifier of the first network device is the same as the decrypted device identifier, and if so, passing the identity authentication of the first network device.
In one example, the key identification is used to identify an unused first key in the set of keys, and the second network device further includes:
an identifying unit configured to identify the first key in the key set as used.
In one example of the above-mentioned method,
the receiving unit 901 is specifically configured to receive a ciphertext, a key identifier, and a first random number sent by the first network device; the second network device further comprises:
the authentication unit is configured to generate identity authentication information according to the second key, send the identity authentication information to the first network device, and perform identity authentication, and specifically includes:
a generation subunit configured to generate a second random number;
the calculating subunit is configured to perform a hash operation on the second key, the first random number, and the second random number to obtain a first hash value;
and the sending subunit is configured to send the first hash value and the second random number to the first network device for identity authentication.
The second network device shown in fig. 9 is a second network device corresponding to the method shown in fig. 2 and fig. 5, the specific implementation manner is similar to the method shown in fig. 2 and fig. 5, and reference is made to the description of the method in fig. 2 and fig. 5, which is not repeated here.
Fig. 10 is a schematic structural diagram of an encryption system according to an embodiment of the present invention, including:
at least one first network device 1001 as described in fig. 6, an AS server 1002 as described in fig. 7, a TGS server 1003 as described in fig. 8, and at least one second network device 1004 as described in fig. 9.
The encryption system shown in fig. 10 is a system corresponding to the method shown in fig. 2 and 5, and the specific implementation manner is similar to the method shown in fig. 2 and 5, and reference is made to the description of the method shown in fig. 2 and 5, which is not repeated here.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that those skilled in the art can make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be construed as the protection scope of the present invention.

Claims (47)

1. A method of encryption, the method comprising:
the method comprises the steps that a first network device receives a first ciphertext and a first identifier sent by an Authentication Server (AS), wherein the first identifier is used for identifying a first key in a first key set, and the first key set comprises a plurality of shared keys of the AS and a ticket issuing server (TGS);
the first network equipment acquires a second secret key, wherein the second secret key is a shared secret key of the first network equipment and the AS;
the first network device decrypts the first ciphertext according to the second key to obtain a second ciphertext, wherein the second ciphertext is a ciphertext obtained by encrypting first session information by the first key, the first session information comprises a third key, and the third key is a session key of the first network device and the TGS;
The first network equipment sends the second ciphertext and the first identifier to the TGS, so that the TGS can obtain the first key according to the first identifier, decrypt the second ciphertext and obtain the third key;
the first network device receives a third ciphertext and a second identifier sent by the TGS, the second identifier is used for identifying a fourth key in a second key set, the second key set comprises a plurality of shared keys of the TGS and a second network device, the third ciphertext is a ciphertext obtained by encrypting second session information by the fourth key, the second session information comprises a fifth key, and the fifth key is a session key of the first network device and the second network device;
the first identifier is used for identifying an unused first key in the first key set; and/or the second identifier is used for identifying an unused fourth key in the second key set;
the first network device sends the third ciphertext and the second identifier to the second network device, so that the second network device obtains the fourth key according to the second identifier, decrypts the third ciphertext, and obtains the fifth key; wherein the content of the first and second substances,
Quantum key distribution is carried out between a QKD terminal of the AS and a QKD terminal of the TGS to generate quantum key data, the AS and the TGS divide the quantum key data according to preset lengths to obtain a plurality of shared keys of the AS and the TGS respectively, a key identifier is set for each shared key of the AS and the TGS, and a corresponding relation between the shared key of each AS and the TGS and the key identifier of the shared key is established to obtain a first key set; and/or quantum key distribution is carried out between a QKD terminal of the TGS and a QKD terminal of the second network device to generate quantum key data, the TGS and the second network device divide the quantum key data according to a preset length to obtain shared keys of a plurality of TGS and the second network device, key identifications are set for the shared keys of each TGS and the second network device, and a corresponding relation between the shared keys of each TGS and the second network device and the key identifications of the shared keys is established to obtain a second key set.
2. The method of claim 1,
the second ciphertext is a ciphertext obtained by doubly encrypting the first session information by a first sub-key and a second sub-key, and the first sub-key and the second sub-key are two sub-keys obtained by dividing the first key according to the type of an encryption algorithm;
and/or,
the third ciphertext is a ciphertext obtained by doubly encrypting the second session information by using a third sub-key and a fourth sub-key, and the third sub-key and the fourth sub-key are two sub-keys obtained by dividing the fourth key according to the type of an encryption algorithm.
3. The method of claim 1, wherein the first network device sending the second ciphertext and the first identifier to the TGS comprises:
the first network device sends the second ciphertext, the first identifier and the identifier of the first network device to the TGS, where the identifier of the first network device is used by the TGS to perform identity authentication on the first network device, and when the TGS passes the identity authentication on the first network device, the step of the first network device receiving a third ciphertext and a second identifier sent by the TGS is executed.
4. The method of claim 1, wherein sending, by the first network device, the third ciphertext and the second identifier to the second network device comprises:
the first network device sends the third ciphertext, the second identifier and the identifier of the first network device to the second network device, where the identifier of the first network device is used by the second network device to perform identity authentication on the first network device.
5. The method of claim 1,
the first network device sends a first random number to the AS;
the decrypting, by the first network device, the first ciphertext according to the second key to obtain a second ciphertext includes:
the first network device decrypts the first ciphertext according to the second key to obtain a second ciphertext and a second random number;
and the first network device judges whether the first random number is consistent with the second random number, and if so, authenticates the AS as legal.
6. The method of any of claims 1-5, wherein sending, by the first network device, the third ciphertext and the second identifier to the second network device comprises:
the first network device sends the third ciphertext, the second identifier and a third random number to the second network device;
the first network device receives identity authentication information sent by the second network device and authenticates the validity of the second network device according to the fifth key and the identity authentication information, which specifically includes:
the first network device receives a first hash value and a fourth random number sent by the second network device, where the first hash value is obtained by performing a hash operation on the third random number, the fifth key and the fourth random number;
and the first network device calculates a second hash value according to the fourth random number, judges whether the first hash value is consistent with the second hash value, and if so, authenticates the second network device as legal.
7. The method of claim 1,
the first network device further sends a third identifier to the AS, where the third identifier is used to identify a second key in a third key set, and the third key set includes a plurality of shared keys of the first network device and the AS;
the first network device obtaining the second key comprises:
the first network device acquires the second key from the third key set according to the third identifier.
8. The method of claim 1, wherein the receiving, by the first network device, the first ciphertext and the first identifier sent by the AS comprises:
the first network device receives a third identifier sent by the AS;
the obtaining, by the first network device, the second key includes:
the first network device acquires the second key according to the third identifier.
9. The method according to any of claims 7-8, wherein the third identifier is used to identify an unused second key in the third set of keys, the method further comprising:
after the first network device decrypts the first ciphertext according to the second key to obtain the second ciphertext, the first network device sets the second key in the third key set as used.
10. A method of encryption, the method comprising:
the Authentication Server (AS) acquires an unused first key and a first identifier from a first key set, acquires a second key, and generates a third key, wherein the first identifier is used for identifying the first key, the second key is a shared key of a first network device and the AS, the third key is a session key of the first network device and a ticket issuing server (TGS), and the first key set comprises a plurality of shared keys of the AS and the TGS;
the AS encrypts first information by using the first key to obtain a second ciphertext, wherein the first information comprises the third key;
the AS encrypts second information by using the second key to obtain a first ciphertext, wherein the second information comprises the second ciphertext;
the AS sends the first ciphertext and the first identifier to the first network device; wherein:
quantum key distribution is carried out between a QKD terminal of the AS and a QKD terminal of the TGS to generate quantum key data, the AS and the TGS divide the quantum key data according to a preset length to obtain a plurality of shared keys of the AS and the TGS respectively, a key identifier is set for each shared key of the AS and the TGS, and a corresponding relation between each shared key of the AS and the TGS and the key identifier of the shared key is established to obtain the first key set.
11. The method as claimed in claim 10, wherein the AS encrypting the first information with the first key to obtain the second ciphertext comprises:
the AS divides the first key according to the type of the encryption algorithm to obtain a first sub-key and a second sub-key;
the AS encrypts the first information by using the first sub-key to obtain an initial ciphertext;
and the AS encrypts the initial ciphertext by using the second sub-key to obtain the second ciphertext.
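As an added illustration that is not code from the patent, the key-set handling of claims 1 and 10 and the sub-key double encryption of claims 2, 11 and 17, in Go. Assumptions: random bytes stand in for the quantum key data, the preset key length is 32 bytes, each key's index in the set serves as its key identifier, and each encryption layer is AES-128-GCM under one 16-byte half of the shared key. The receiving side refuses an identifier that is unknown or already marked used before it decrypts anything.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

type SharedKey [32]byte // one key-set entry; 32 bytes is the preset length assumed here

// KeyPool models a key set from the claims: QKD output divided into shared keys,
// each paired with a key identifier (its index) and a used flag.
type KeyPool struct {
	keys []SharedKey
	used []bool
}

// NewKeyPool divides material into 32-byte keys, dropping any partial tail.
func NewKeyPool(material []byte) *KeyPool {
	n := len(material) / len(SharedKey{})
	p := &KeyPool{keys: make([]SharedKey, n), used: make([]bool, n)}
	for i := range p.keys {
		copy(p.keys[i][:], material[i*len(SharedKey{}):])
	}
	return p
}

// TakeUnused (sender side) picks an unused key, marks it used and returns its id.
func (p *KeyPool) TakeUnused() (int, SharedKey, error) {
	for id, u := range p.used {
		if !u {
			p.used[id] = true
			return id, p.keys[id], nil
		}
	}
	return -1, SharedKey{}, errors.New("key pool exhausted")
}

// Lookup (receiver side) rejects an unknown or already-used identifier before
// any decryption, which is what blocks replay of an old (id, ciphertext) pair.
func (p *KeyPool) Lookup(id int) (SharedKey, error) {
	if id < 0 || id >= len(p.keys) || p.used[id] {
		return SharedKey{}, errors.New("unknown or already used key identifier")
	}
	p.used[id] = true
	return p.keys[id], nil
}

// gcmFor builds one AES-128-GCM layer from a 16-byte sub-key.
func gcmFor(subKey []byte) cipher.AEAD {
	block, err := aes.NewCipher(subKey)
	if err != nil {
		panic(err) // unreachable: sub-keys are always 16 bytes
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

func seal(subKey, pt []byte) []byte {
	gcm := gcmFor(subKey)
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce, prepended
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, pt, nil)
}

func open(subKey, ct []byte) ([]byte, error) {
	gcm := gcmFor(subKey)
	if len(ct) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

// DoubleEncrypt follows claim 11: the first 16-byte half of the key yields the
// initial ciphertext, the second half encrypts that again.
func DoubleEncrypt(k SharedKey, msg []byte) []byte {
	return seal(k[16:], seal(k[:16], msg))
}

// DoubleDecrypt follows claim 17: strip the second sub-key layer first.
func DoubleDecrypt(k SharedKey, ct []byte) ([]byte, error) {
	inner, err := open(k[16:], ct)
	if err != nil {
		return nil, err
	}
	return open(k[:16], inner)
}

func main() {
	material := make([]byte, 96) // constructed stand-in for QKD output held by AS and TGS
	rand.Read(material)
	as, tgs := NewKeyPool(material), NewKeyPool(material)
	id, k1, _ := as.TakeUnused()
	ct := DoubleEncrypt(k1, []byte("session key K3"))
	k1b, _ := tgs.Lookup(id)
	pt, _ := DoubleDecrypt(k1b, ct)
	_, replay := tgs.Lookup(id)
	println(id, string(pt), replay != nil) // 0 session key K3 true
}
```

Because both layers are authenticated, a wrong shared key, a tampered ciphertext or a ciphertext presented with a consumed identifier all fail closed rather than yielding garbage plaintext.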
12. The method of any one of claims 10 to 11,
the AS further receives a random number from the first network device, and the AS encrypting second information with the second key to obtain a first ciphertext comprises:
the AS encrypts the second ciphertext, the third key and the random number with the second key to obtain the first ciphertext.
13. The method of claim 10,
the AS further receives a second identifier from the first network device;
the AS acquiring the second key comprises:
the AS obtains, according to the second identifier, the second key identified by the second identifier from a second key set, where the second key set comprises a plurality of shared keys of the first network device and the AS.
14. The method as claimed in claim 10, wherein the AS obtaining the second key comprises:
the AS acquires a second key from a second key set and acquires a second identifier, wherein the second identifier is used for identifying the second key in the second key set;
the sending, by the AS, the first ciphertext and the first identifier to the first network device includes:
the AS sends the first ciphertext, the first identifier and the second identifier to the first network device.
15. The method of any one of claims 13-14, wherein the second key is an unused key in the second set of keys, the method further comprising:
the AS marks the second key in the second key set as used.
16. A method of encryption, the method comprising:
a ticket issuing server (TGS) receives a first ciphertext and a first identifier sent by a first network device;
the TGS obtains a first key from a first key set according to the first identifier, where the first key set comprises a plurality of shared keys of an authentication server (AS) and the TGS; the first identifier is used for identifying an unused first key in the first key set;
the TGS decrypts the first ciphertext with the first key to obtain a second key, where the second key is a session key of the first network device and the TGS; the TGS sets the first key in the first key set as used;
the TGS obtains an unused third key and a second identifier from a second key set, where the second key set comprises a plurality of shared keys of the TGS and a second network device, and the second identifier is used for identifying the third key; the TGS generates a fourth key, where the fourth key is a session key of the first network device and the second network device;
the TGS encrypts first session information with the second key to generate a second ciphertext, and encrypts second session information with the third key to generate a third ciphertext, where the first session information comprises the fourth key, and the second session information comprises the fourth key;
the TGS sends the second ciphertext, the third ciphertext and the second identifier to the first network device; wherein:
quantum key distribution is carried out between a QKD terminal of the AS and a QKD terminal of the TGS to generate quantum key data, the AS and the TGS divide the quantum key data according to a preset length to obtain a plurality of shared keys of the AS and the TGS respectively, a key identifier is set for each shared key of the AS and the TGS, and a corresponding relation between each shared key of the AS and the TGS and the key identifier of the shared key is established to obtain the first key set; and/or quantum key distribution is carried out between a QKD terminal of the TGS and a QKD terminal of the second network device to generate quantum key data, the TGS and the second network device divide the quantum key data according to a preset length to obtain a plurality of shared keys of the TGS and the second network device, a key identifier is set for each shared key of the TGS and the second network device, and a corresponding relation between each shared key of the TGS and the second network device and the key identifier of the shared key is established to obtain the second key set.
17. The method of claim 16, wherein the TGS decrypting the first ciphertext with the first key to obtain a second key comprises:
the TGS divides the first key according to the type of the encryption algorithm adopted by the AS to obtain a first sub-key and a second sub-key;
the TGS decrypts the first ciphertext with the second sub-key to obtain a first initial ciphertext;
and the TGS decrypts the first initial ciphertext with the first sub-key to obtain the second key.
18. The method of claim 16, wherein the TGS encrypting the second session information with the third key to generate a third ciphertext comprises:
the TGS divides the third key according to the type of the encryption algorithm to obtain a third sub-key and a fourth sub-key;
the TGS encrypts the second session information with the third sub-key to obtain a second initial ciphertext;
and the TGS encrypts the second initial ciphertext with the fourth sub-key to obtain the third ciphertext.
19. The method of any of claims 16-18, wherein the TGS receiving the first ciphertext and the first identifier transmitted by the first network device comprises:
the TGS receives a first ciphertext, a first identifier and an identifier of the first network device sent by the first network device;
the TGS decrypts the first ciphertext with the first key to obtain a decrypted device identifier;
and the TGS checks whether the identifier of the first network device is the same as the decrypted device identifier, and if so, the identity authentication of the first network device passes.
20. A method of encryption, the method comprising:
a second network device receives a ciphertext and a key identifier sent by a first network device;
the second network device obtains a first key from a key set according to the key identifier, where the key set comprises a plurality of shared keys of the second network device and a ticket issuing server (TGS);
the key identifier is used for identifying an unused first key in the key set;
the second network device decrypts the ciphertext according to the first key to obtain a second key, where the second key is a session key of the first network device and the second network device;
the second network device marks the first key in the key set as used; wherein:
quantum key distribution is carried out between a QKD terminal of the TGS and a QKD terminal of the second network device to generate quantum key data, the TGS and the second network device divide the quantum key data according to a preset length to obtain a plurality of shared keys of the TGS and the second network device, a key identifier is set for each shared key of the TGS and the second network device, and a corresponding relation between each shared key of the TGS and the second network device and the key identifier of the shared key is established to obtain the key set.
21. The method of claim 20, wherein the second network device decrypting the ciphertext according to the first key to obtain a second key comprises:
the second network device divides the first key according to the type of the encryption algorithm adopted by the TGS to obtain a first sub-key and a second sub-key;
the second network device decrypts the ciphertext with the first sub-key to obtain an initial ciphertext;
and the second network device decrypts the initial ciphertext with the second sub-key to obtain the second key.
22. The method of claim 20, wherein the second network device receiving the ciphertext and the key identifier sent by the first network device comprises:
the second network device receives the ciphertext, the key identifier and the identifier of the first network device sent by the first network device;
the second network device decrypts the ciphertext according to the first key to obtain a decrypted device identifier;
and the second network device checks whether the identifier of the first network device is the same as the decrypted device identifier, and if so, the identity authentication of the first network device passes.
23. The method of any one of claims 20-22,
the second network device receiving the ciphertext and the key identifier sent by the first network device includes:
the second network device receives the ciphertext, the key identifier and a first random number sent by the first network device;
the second network device generates identity authentication information according to the second key and sends the identity authentication information to the first network device for identity authentication, which specifically includes:
the second network device generates a second random number;
the second network device performs a hash operation on the second key, the first random number and the second random number to obtain a first hash value;
and the second network device sends the first hash value and the second random number to the first network device for identity authentication.
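The challenge-response of claims 6 and 23 (second network device side and first network device side), as an added example that is not part of the patent. The claims fix only the three hash inputs, so the hash function (SHA-256), the 16-byte random numbers and the concatenation order are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Authenticator is what the second network device returns under claim 23: the
// hash over (challenge, session key, its own random number) plus that number.
type Authenticator struct {
	Hash  [32]byte
	Nonce [16]byte
}

// authHash is H(r_first || K || r_second) with SHA-256. The claims fix the three
// inputs but not the hash function or their order, so both are assumptions.
func authHash(first [16]byte, key []byte, second [16]byte) [32]byte {
	h := sha256.New()
	h.Write(first[:])
	h.Write(key)
	h.Write(second[:])
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Respond (second network device, claim 23) draws a fresh random number and
// binds it, the received challenge and the session key into one hash.
func Respond(challenge [16]byte, sessionKey []byte) (Authenticator, error) {
	var a Authenticator
	if _, err := rand.Read(a.Nonce[:]); err != nil {
		return a, err
	}
	a.Hash = authHash(challenge, sessionKey, a.Nonce)
	return a, nil
}

// Verify (first network device, claim 6) recomputes the hash from the challenge
// it sent, its own copy of the session key and the returned random number; the
// comparison is constant-time so timing does not reveal how much matched.
func Verify(challenge [16]byte, sessionKey []byte, a Authenticator) error {
	expected := authHash(challenge, sessionKey, a.Nonce)
	if !hmac.Equal(expected[:], a.Hash[:]) {
		return errors.New("authenticator mismatch: wrong session key or stale challenge")
	}
	return nil
}

func main() {
	var r3 [16]byte // third random number, the challenge from claim 6
	rand.Read(r3[:])
	k5 := make([]byte, 32) // constructed stand-in for session key K5 issued by the TGS
	rand.Read(k5)
	a, _ := Respond(r3, k5)
	println("second network device authentic:", Verify(r3, k5, a) == nil) // true
}
```

A production design would normally key the hash with the session key (an HMAC) rather than hash a plain concatenation; the block keeps the claims' construction and adds only the constant-time comparison on the verifying side.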
24. A first network device, wherein the first network device comprises:
a first receiving unit, configured to receive a first ciphertext and a first identifier sent by an authentication server AS, where the first identifier is used to identify a first key in a first key set, and the first key set includes a plurality of shared keys of the AS and a ticket issuing server TGS;
an obtaining unit, configured to obtain a second key, where the second key is a shared key of the first network device and the AS;
a decryption unit, configured to decrypt the first ciphertext according to the second key to obtain a second ciphertext, where the second ciphertext is a ciphertext obtained by encrypting, by the first key, first session information, where the first session information includes a third key, and the third key is a session key between the first network device and the TGS;
a first sending unit, configured to send the second ciphertext and the first identifier to the TGS, so that the TGS obtains the first key according to the first identifier, and decrypts the second ciphertext to obtain the third key;
a second receiving unit, configured to receive a third ciphertext and a second identifier sent by the TGS, where the second identifier is used to identify a fourth key in a second key set, the second key set includes a plurality of shared keys of the TGS and a second network device, the third ciphertext is a ciphertext obtained by encrypting second session information with the fourth key, the second session information includes a fifth key, and the fifth key is a session key of the first network device and the second network device;
the first identifier is used for identifying an unused first key in the first key set; and/or the second identifier is used for identifying an unused fourth key in the second key set;
a second sending unit, configured to send the third ciphertext and the second identifier to the second network device, so that the second network device obtains the fourth key according to the second identifier and decrypts the third ciphertext to obtain the fifth key; wherein:
quantum key distribution is carried out between a QKD terminal of the AS and a QKD terminal of the TGS to generate quantum key data, the AS and the TGS divide the quantum key data according to a preset length to obtain a plurality of shared keys of the AS and the TGS respectively, a key identifier is set for each shared key of the AS and the TGS, and a corresponding relation between each shared key of the AS and the TGS and the key identifier of the shared key is established to obtain a first key set; and/or quantum key distribution is carried out between a QKD terminal of the TGS and a QKD terminal of the second network device to generate quantum key data, the TGS and the second network device divide the quantum key data according to a preset length to obtain a plurality of shared keys of the TGS and the second network device, a key identifier is set for each shared key of the TGS and the second network device, and a corresponding relation between each shared key of the TGS and the second network device and the key identifier of the shared key is established to obtain a second key set.
25. The first network device of claim 24,
the second ciphertext is a ciphertext obtained by doubly encrypting the first session information by a first sub-key and a second sub-key, and the first sub-key and the second sub-key are two sub-keys obtained by dividing the first key according to the type of an encryption algorithm;
and/or,
the third ciphertext is a ciphertext obtained by doubly encrypting the second session information by using a third sub-key and a fourth sub-key, and the third sub-key and the fourth sub-key are two sub-keys obtained by dividing the fourth key according to the type of an encryption algorithm.
26. The first network device of claim 24,
the first sending unit is specifically configured to send the second ciphertext, the first identifier and the identifier of the first network device to the TGS, where the identifier of the first network device is used by the TGS to perform identity authentication on the first network device, and when the TGS passes the identity authentication on the first network device, the second receiving unit receives the third ciphertext and the second identifier sent by the TGS.
27. The first network device of claim 24,
the second sending unit is specifically configured to send the third ciphertext, the second identifier, and the identifier of the first network device to the second network device, where the identifier of the first network device is used by the second network device to perform identity authentication on the first network device.
28. The first network device of claim 24, wherein the first network device further comprises:
a third sending unit, configured to send a first random number to the AS;
the decryption unit comprises:
a decryption subunit, configured to decrypt the first ciphertext according to the second key to obtain a second ciphertext and a second random number;
and a first authentication subunit, configured to judge whether the first random number is consistent with the second random number, and if so, authenticate the AS as legal.
29. The first network device of any of claims 24-28,
the second sending unit is specifically configured to send the third ciphertext, the second identifier, and a third random number to the second network device;
the first network device further comprises:
an authentication unit, configured to receive identity authentication information sent by the second network device and authenticate the validity of the second network device according to the fifth key and the identity authentication information;
the authentication unit includes:
a receiving subunit, configured to receive a first hash value and a fourth random number sent by the second network device, where the first hash value is obtained by performing a hash operation on the third random number, the fifth key and the fourth random number;
and a second authentication subunit, configured to calculate a second hash value according to the fourth random number, judge whether the first hash value is consistent with the second hash value, and if so, authenticate the second network device as legal.
30. The first network device of claim 24, wherein the first network device further comprises:
a fourth sending unit, configured to send a third identifier to the AS, where the third identifier is used to identify a second key in a third key set, and the third key set includes a plurality of shared keys of the first network device and the AS;
the obtaining unit is specifically configured to obtain the second key from a third key set according to the third identifier.
31. The first network device of claim 24,
the first receiving unit is specifically configured to receive a third identifier sent by the AS;
the obtaining unit is specifically configured to obtain the second key according to the third identifier.
32. The first network device of any one of claims 30-31, wherein the third identifier is configured to identify an unused second key in the third set of keys, and wherein the first network device further comprises:
a setting unit, configured to set the second key in the third key set as used after the first network device decrypts the first ciphertext according to the second key to obtain the second ciphertext.
33. An AS authentication server, the AS authentication server comprising:
an obtaining unit, configured to obtain an unused first key and a first identifier from a first key set, obtain a second key, and generate a third key, where the first identifier is used to identify the first key, the second key is a shared key of a first network device and an AS, the third key is a session key of the first network device and a ticket issuing server TGS, and the first key set includes a plurality of shared keys of the AS and the TGS;
a first encryption unit, configured to encrypt first information with the first key to obtain a second ciphertext, where the first information includes the third key;
a second encryption unit, configured to encrypt second information with the second key to obtain a first ciphertext, where the second information includes the second ciphertext;
a sending unit, configured to send the first ciphertext and the first identifier to the first network device; wherein:
quantum key distribution is carried out between a QKD terminal of the AS and a QKD terminal of the TGS to generate quantum key data, the AS and the TGS divide the quantum key data according to a preset length to obtain a plurality of shared keys of the AS and the TGS respectively, a key identifier is set for each shared key of the AS and the TGS, and a corresponding relation between each shared key of the AS and the TGS and the key identifier of the shared key is established to obtain the first key set.
34. The AS authentication server according to claim 33, wherein the first encryption unit comprises:
a dividing subunit, configured to divide the first key according to the type of the encryption algorithm to obtain a first sub-key and a second sub-key;
a first encryption subunit, configured to encrypt the first information with the first sub-key to obtain an initial ciphertext;
and a second encryption subunit, configured to encrypt the initial ciphertext with the second sub-key to obtain the second ciphertext.
35. The AS authentication server according to any one of claims 33 to 34, wherein the second encryption unit comprises:
a first receiving subunit, configured to receive a random number from the first network device;
and the third encryption subunit is configured to encrypt the second ciphertext, the third key, and the random number by using the second key to obtain the first ciphertext.
36. The AS authentication server as claimed in claim 33, wherein the obtaining unit comprises:
a second receiving subunit, configured to receive a second identifier from the first network device;
and the obtaining subunit is configured to obtain, according to the second identifier, a second key identified by the second identifier from a second key set, where the second key set includes a plurality of shared keys of the first network device and the AS.
37. The AS authentication server of claim 33,
the obtaining unit is specifically configured to obtain a second key from a second key set, and obtain a second identifier, where the second identifier is used to identify the second key in the second key set;
the sending unit is specifically configured to send the first ciphertext, the first identifier and the second identifier to the first network device.
38. The AS authentication server according to any of claims 36-37, wherein the second key is an unused key of the second set of keys, the AS authentication server further comprising:
an identifying unit, configured to mark the second key in the second key set as used.
39. A TGS ticket issuing server, characterized in that the TGS ticket issuing server comprises:
a receiving unit, configured to receive a first ciphertext and a first identifier sent by a first network device;
a first obtaining unit, configured to obtain a first key from a first key set according to the first identifier, where the first key set includes a plurality of shared keys of an authentication server (AS) and the TGS; the first identifier is used for identifying an unused first key in the first key set;
a decryption unit, configured to decrypt the first ciphertext with the first key to obtain a second key, where the second key is a session key of the first network device and the TGS;
a second obtaining unit, configured to obtain an unused third key and a second identifier from a second key set, where the second key set includes a plurality of shared keys of the TGS and a second network device, and the second identifier is used to identify the third key;
a first setting unit configured to set the first key in the first key set as used;
a generation unit configured to generate a fourth key, where the fourth key is a session key of the first network device and the second network device;
an encrypting unit, configured to encrypt first session information with the second key to generate a second ciphertext, and encrypt second session information with the third key to generate a third ciphertext, where the first session information includes the fourth key, and the second session information includes the fourth key;
a sending unit, configured to send the second ciphertext, the third ciphertext and the second identifier to the first network device; wherein:
quantum key distribution is carried out between a QKD terminal of the AS and a QKD terminal of the TGS to generate quantum key data, the AS and the TGS divide the quantum key data according to a preset length to obtain a plurality of shared keys of the AS and the TGS respectively, a key identifier is set for each shared key of the AS and the TGS, and a corresponding relation between each shared key of the AS and the TGS and the key identifier of the shared key is established to obtain a first key set; and/or quantum key distribution is carried out between a QKD terminal of the TGS and a QKD terminal of the second network device to generate quantum key data, the TGS and the second network device divide the quantum key data according to a preset length to obtain a plurality of shared keys of the TGS and the second network device, a key identifier is set for each shared key of the TGS and the second network device, and a corresponding relation between each shared key of the TGS and the second network device and the key identifier of the shared key is established to obtain a second key set.
40. The TGS ticket issuing server according to claim 39, wherein the decrypting unit comprises:
a first dividing subunit, configured to divide the first key according to the type of the encryption algorithm adopted by the AS to obtain a first sub-key and a second sub-key;
a first decryption subunit, configured to decrypt the first ciphertext with the second sub-key to obtain a first initial ciphertext;
and a second decryption subunit, configured to decrypt the first initial ciphertext with the first sub-key to obtain the second key.
41. The TGS ticket issuing server according to claim 39, wherein the encryption unit comprises:
a second dividing subunit, configured to divide the third key according to the type of the encryption algorithm to obtain a third sub-key and a fourth sub-key;
a first encryption subunit, configured to encrypt the second session information with the third sub-key to obtain a second initial ciphertext;
and a second encryption subunit, configured to encrypt the second initial ciphertext with the fourth sub-key to obtain the third ciphertext.
42. The TGS ticket issuing server according to any one of claims 39 to 41, wherein the receiving unit comprises:
a receiving subunit, configured to receive a first ciphertext, a first identifier and an identifier of the first network device sent by the first network device;
a decryption subunit, configured to decrypt the first ciphertext with the first key to obtain a decrypted device identifier;
and an identification subunit, configured to check whether the identifier of the first network device is the same as the decrypted device identifier, and if so, pass the identity authentication of the first network device.
43. A second network device, the second network device comprising:
a receiving unit, configured to receive a ciphertext and a key identifier sent by a first network device;
an obtaining unit, configured to obtain a first key from a key set according to the key identifier, where the key set comprises a plurality of shared keys of the second network device and a ticket issuing server TGS;
the key identifier identifies a first key in the key set that has not been used;
a decryption unit, configured to decrypt the ciphertext according to the first key to obtain a second key, where the second key is a session key of the first network device and the second network device;
and an identifying unit, configured to mark the first key in the key set as used; wherein
quantum key distribution is carried out between a QKD terminal of the TGS and a QKD terminal of the second network device to generate quantum key data, the TGS and the second network device divide the quantum key data according to a preset length to obtain a plurality of shared keys of the TGS and the second network device, a key identifier is set for each shared key of the TGS and the second network device, and a correspondence between each shared key of the TGS and the second network device and its key identifier is established to obtain the key set.
44. The second network device according to claim 43, wherein the decryption unit comprises:
a dividing subunit, configured to divide the first key according to the type of encryption algorithm adopted by the TGS to obtain a first subkey and a second subkey;
a first decryption subunit, configured to decrypt the ciphertext by using the first subkey to obtain an initial ciphertext;
and a second decryption subunit, configured to decrypt the initial ciphertext by using the second subkey to obtain the second key.
45. The second network device according to claim 43, wherein the receiving unit comprises:
a first receiving subunit, configured to receive a ciphertext, a key identifier, and an identifier of the first network device, all sent by the first network device;
a third decryption subunit, configured to decrypt the ciphertext according to the first key to obtain a decrypted device identifier;
and an identification subunit, configured to determine whether the identifier of the first network device is the same as the decrypted device identifier, and if so, to pass the identity authentication of the first network device.
46. The second network device according to any one of claims 43 to 45, wherein
the receiving unit is specifically configured to receive a ciphertext, a key identifier, and a first random number sent by the first network device; and the second network device further comprises:
an authentication unit, configured to generate identity authentication information according to the second key and send the identity authentication information to the first network device for identity authentication, the authentication unit specifically comprising:
a generation subunit, configured to generate a second random number;
a calculating subunit, configured to perform a hash operation on the second key, the first random number, and the second random number to obtain a first hash value;
and a sending subunit, configured to send the first hash value and the second random number to the first network device for identity authentication.
47. An encryption system, the system comprising:
at least one first network device according to any one of claims 24 to 32, an AS authentication server according to any one of claims 33 to 38, a TGS ticket issuing server according to any one of claims 39 to 42, and at least one second network device according to any one of claims 43 to 46.
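The receive side of the second network device in claims 43 to 46 (key lookup by identifier, single-use marking, two-stage decryption with a split key, device identifier check, and the hash-based reply), as an added Python example that is not part of the patent. The claims do not name the cipher, the key length, how a key is divided, or the layout of the session information, so the following are assumptions: HMAC-SHA256 in counter mode stands in for the cipher, shared keys are 32 bytes split evenly into two subkeys, decryption undoes the claim 41 encryption in reverse order, and the session information is the session key followed by the first device's identifier.

```python
import hashlib
import hmac
import secrets
KEY_LEN = 32  # assumed preset length of one shared key, in bytes

def build_key_set(quantum_key_data):
    """Divide QKD output into KEY_LEN-byte shared keys, each mapped to a key identifier."""
    chunks = [quantum_key_data[i:i + KEY_LEN] for i in range(0, len(quantum_key_data), KEY_LEN)]
    return {kid: k for kid, k in enumerate(chunks) if len(k) == KEY_LEN}

def split_key(key):
    """Divide a shared key into two subkeys; an even split is assumed."""
    return key[:len(key) // 2], key[len(key) // 2:]

def _xor_stream(data, subkey):
    # Stand-in for the unspecified cipher: HMAC-SHA256 in counter mode, XORed onto the data.
    stream = b"".join(hmac.new(subkey, i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def tgs_encrypt(shared_key, session_info):
    """Claim 41: first encrypt with the third subkey, then with the fourth."""
    k3, k4 = split_key(shared_key)
    return _xor_stream(_xor_stream(session_info, k3), k4)

class SecondNetworkDevice:
    def __init__(self, key_set):
        self.key_set = dict(key_set)
        self.used = set()  # identifiers of keys already consumed (claim 43)
    def receive(self, ciphertext, key_id, first_device_id, first_nonce):
        # Claim 43: the identifier must name a key in the set that has not been used.
        if key_id not in self.key_set or key_id in self.used:
            raise ValueError("unknown or already-used key identifier")
        self.used.add(key_id)  # mark as used before anything else, so a replayed ticket cannot reuse it
        k3, k4 = split_key(self.key_set[key_id])
        session_info = _xor_stream(_xor_stream(ciphertext, k4), k3)  # undo tgs_encrypt in reverse
        session_key, device_id = session_info[:KEY_LEN], session_info[KEY_LEN:]
        # Claim 45: the decrypted device identifier must equal the identifier the sender claimed.
        if not hmac.compare_digest(device_id, first_device_id):
            raise ValueError("device identifier mismatch")
        # Claim 46: hash(second key, first random number, second random number).
        second_nonce = secrets.token_bytes(16)
        first_hash = hashlib.sha256(session_key + first_nonce + second_nonce).digest()
        return session_key, first_hash, second_nonce

def first_device_verify(session_key, first_nonce, second_nonce, first_hash):
    """First network device side: recompute the hash from its own copy of the session key."""
    expected = hashlib.sha256(session_key + first_nonce + second_nonce).digest()
    return hmac.compare_digest(expected, first_hash)
```

Marking the key identifier as used before decrypting is what makes each QKD-derived key single-use: a ticket replayed with the same identifier is refused even if its ciphertext is intact.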
CN201710240086.9A 2017-04-13 2017-04-13 Encryption method, device and system Active CN108737093B (en)
Publications (2)

Publication Number Publication Date
CN108737093A CN108737093A (en) 2018-11-02
CN108737093B true CN108737093B (en) 2022-07-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant